If I am understanding this correctly, I guess the only problem I see with that is both entities need to trust that the user is indeed being truthful and not sharing a token. I think a system with a neutral third part that takes a token from the identity provider and a token from the webite, validates them and sends a result. Or maybe that is what you said.