Just to clarify: when I suggested to use OAuth2, this wasn’t aimed at end users, but rather at app developers (including for the build in apps) and service providers.
My (honest) question would be: how does your suggested approach change this? If I’m understand right, the difference is about the point at which the user has to enter their PIN or password to gain access?
I’m not trying to be obtuse or dismissive, so I apologise if my comment came across that way: if there’s an improvement to be made, it’s good to be clear about it.