Is there a good approach for using Plone as a SAML2 or OAuth2 server or similar

I'm exploring ways to make Plone act as an OAuth2 server. What are my best bets as a starting point?
It doesn't have to be OAuth2; anything similar is acceptable.
The goal is to allow users to log in to a Rocket chat service against the Plone site.

I'm only finding OAuth 1 tools for Plone.

So far SAML2 seems to be the best bet;
see: GitHub - collective/collective.saml2: Installation of SAML2 web single-sign-on for Plone (dm.zope.saml2)