I made some progress.
Ultimately, the only way I found is to use a Cloudflare Worker as a broker/backend to handle auth, hide provider credentials, and create upload URLs, then uploading the data to CF Stream or Mux. Is that something that you are OK with?
The way it works (non-technical):
- You click Upload.
- A quick popup logs you in through Discourse SSO (first time only).
- The broker confirms you’re allowed, and remembers you for an hour.
- TC asks the broker where to put the video; it opens a private upload spot to the provider (it holds the secret keys).
- TC uploads straight to the provider.
Here’s a quick demo.
Don’t mind the processing time. You can use the “insert now” button instead if you prefer.
I think it’s a decent solution and works pretty well considering the limitations of the TC. 
That said, I believe that should be only a last alternative. The plugin that Dave linked has a deep integration and it should be the first choice for a clean solution. If you can, I strongly encourage you to contact them! (Otherwise, let me know!)