Commerce Cloud OAuth token generation using an external OAuth service provider for single sign on

We are currently using hybris/SAP Commerce internal spring based oAuth generation to control access to the OCC API. We are looking to use a external OAuth provider in its place for token generation in order to also use the same token as a single sign on mechanism. If we dont do it, we end up having one token for single sign on and the hybris commerce token just for access to the OCC APIs.

Does any one have documentation to help us integrate hybris commerce with an external OAuth provider, so that we just have a single token on the website.