This is an interesting use case. I think we can build a quickstart based on your use case.
I am glad you are interested in this specific configuration.
In meantime I made some progress implementing both of the API and IDP modules in one.
For now I identified one little problem [PLINK-663] Relationship Identity Properties of Grant does not contain link to the Role - JBoss Issue Tracker . I made the mentioned change and looking deeper into it.
Any progress on this one ?