There are in fact identity providers you're describing, these are called nsecbunkers. Check out highlighter.com or coracle.social or nostrudel.ninja login flow.

There's a spec for delegated event signing https://github.com/nostr-protocol/nips/blob/master/26.md , but it's ignored by almost all the clients because it sacrifices protocol simplicity. 

 Awesome, thanks for the pointers! Yeah, initially the thought of people just jamming their private keys into apps kind of really bugged me. Actually, reading up on NIP-26 is what motivated me to ask.