I would think the easiest approach would be to implement a Custom OAuth2 provider. If it works like the rest of ServiceStack’s OAuth2 providers it should be pretty easy to implement; you can use GoogleAuthProvider as a guide. If you’re lucky you may not need to override any of the default implementation in the base methods, otherwise you’ll need to overload some.
The long-term approach might be to get rid of the Nancy and remote OAuth2 dependency altogether, where you may want to consider creating a custom CredentialsAuthProvider which, if this is the first time they’ve authenticated, uses the Username/Password to validate the credentials with the remote server; if it’s valid, then use the password to create a user in the Auth Repo (i.e. `AuthRepo.CreateUserAuth(user, password)`) and then authenticate them. Otherwise, if they already exist in ServiceStack, authenticate them normally.
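
A sketch of the migrate-on-first-login provider described above, added here as an example and not part of the original post or of ServiceStack itself. It assumes the synchronous ServiceStack v5 `TryAuthenticate` override and an auth repository registered as `IAuthRepository` that also implements `IUserAuthRepository`; `IRemoteCredentialValidator` and `MigratingCredentialsAuthProvider` are hypothetical names.

```csharp
using ServiceStack;
using ServiceStack.Auth;

// Hypothetical abstraction over the remote credential server (not a ServiceStack type).
// An implementation should call the remote server over TLS and return true only on
// an explicit success response.
public interface IRemoteCredentialValidator
{
    bool IsValid(string userName, string password);
}

public class MigratingCredentialsAuthProvider : CredentialsAuthProvider
{
    public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
    {
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false;

        // Assumption: the repository is registered in the IOC as IAuthRepository.
        var authRepo = authService.TryResolve<IAuthRepository>() as IUserAuthRepository;
        if (authRepo == null)
            return false; // fail closed when no repository is configured

        // Only unknown users are checked against the remote server. A wrong password
        // for an existing local user is never retried remotely, so the remote server
        // cannot be used to replace a local password.
        if (authRepo.GetUserAuthByUserName(userName) == null)
        {
            var remote = authService.TryResolve<IRemoteCredentialValidator>();
            if (remote == null || !remote.IsValid(userName, password))
                return false;

            // First successful login: create the local account. The repository stores
            // a salted hash of the password, not the password itself.
            authRepo.CreateUserAuth(new UserAuth { UserName = userName }, password);
        }

        // The user now exists locally (pre-existing or just migrated), so the normal
        // credentials check applies, including the account-locked check and
        // session population done by the base provider.
        return base.TryAuthenticate(authService, userName, password);
    }
}
```

Once an account has been migrated, only the local password hash is checked, so a later password change or account disablement on the remote server does not propagate to ServiceStack.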