I’m on your side in that I would never take a contract to actually do this, but…

If we swapped out the IAM backend for something extremely simple like just private keys (one per allowed service or JWT-style list all services in the key), then we could have something that looks/feels pretty similar. With a 2$ token spend.

Not at all the same but it would look/feel pretty close.