Hi Marcian,
I would not build an identity provider. There are ready-made solutions out there (Auth0, Azure Active Directory). If you use one, you get rid of the token generation problem and only have to take care of validating received tokens on the server side. There are some items in the Marketplace which should help, like:
* OAuth 2.0 SSO Demo: https://marketplace.mendix.com/link/component/110989
* JWT module: https://marketplace.mendix.com/link/component/106447
* OAuth module: https://marketplace.mendix.com/link/component/120058
Hope that helps!
Kind regards,
Thomas