Manage OAuth client authentication to external endpoints?

It occurred to me last night that it would be really useful if Istio could proxy server-to-server OAuth authentication using configured Secrets. Like to external endpoints routed through ServiceEntry’s. It seems natural to me, but I’m guessing from the lack of findings on this, it must be a “bad idea”?

(Found an older, unanswered thread that I think is asking roughly the same thing.)