That Jan going to be tricky - for that validation flow you'll need to create a basic auth user in Tyk and grant then access to the OAuth protected api.
To validate against your server, you could add a post-authentication middleware, but that creates duplication, so you might as well just create a custom auth handler.