So what I'm looking for is a (preferably) simple way to connect a Web API's login system at least partly to the underlying OS' user management. Basically, allow certain users of the host PC to authenticate towards the web service.

I couldn't find much info on this, there are Identity providers that use Active Directory, but what I'd be looking for would use the native user and group managements of Windows and Linux - mostly the latter.

For that I've started writing an identity provider that runs as root, and authenticates users, allows minimal group management, but it requires root. I've thought of "outsourcing" the reading and writing of the appropriate files (currently done to Linux only unfortunately, but it writes /etc/passwd, /etc/shadow and /etc/groups) to a native Linux service running with elevated rights, however that exposes sensitive information about the system. And of course if there's an already written solution, I'd prefer to use that.