Indy has all the raw ingredients you need for this, but they are not yet packaged in a way that will make this easy.
There is also an ongoing effort to do what’s called “DID Auth” with Sovrin, where you prove that you own a DID, and thereby establish a session of sorts. You could contact Kyle Den Hartog on Indy’s Rocket.Chat (#indy-agent) to learn more.
Part of the reason why your workflow is not a first-class sample at this point is that indy thinks about authentication a bit differently, by design. Instead of establishing trusted sessions and then holding that trust until the session expires, it establishes a secure (but untrusted) channel. Every message sent over that channel is individually authenticated; there is no session construct that gives it extra credence. Trust of the party at the other end of the channel is tied to credential exchange, not to the mere existence of a secure channel. (If that paragraph sounds confusing, I’ll simply say it really means what it says, and that it matters. Could be discussed more on a community call.)
Anyway, this doesn’t invalidate your use case for Sovrin/Indy–far from it!–but I am just setting expectations that the way the problem is modeled is going to have some subtle differences.