The event hooks can fire when a user starts a session or attempts to login, however that will not be tied to a specific application. I don’t know of an event hook that fires for /authorization requests. I recommend looking over the following thread which deals with a very similar issue.
An alternative would be to use an inline token hook, which fires each type a token (access or id) is minted. It would have the information about the user/client app, but is run each time a token is renewed, not just at login. This hook is meant to modify tokens before they are signed which is not really your use case, and the call is synchronous.