OAuth 2 covers modern app authorization / revocation scenarios. Get the bearer token using the prescribed oauth2 flows.
Hack up anything! Add frappe whitelisted endpoints that in the end returns a new bearer token frappe.new_doc("OAuth Bearer Token") something like this Trying to implement OTP login