Not sure what use case is making you need to check the token, but here is one option to explore:
You can use after start-up microflow under Settings-Runtime. However, if you allow anonymous users, then this will be fired even before the user signs in
The Nanoflow sign in action can be used to sign someone in, from a page where the user specifies the username & password in “normal” input textboxes. These should be within a dataview connected to a non-persistable entity with two attributes; UserName and Password. ← in other words; completely self-build custom sign in behavior.
Solution you could use is; use the default/userrole home page. Change this to call microflow and model your magic to check the token. after your magic, open the page of your liking as homepage
Also there is a widget "Signin Microflow” that could help in your case (https://marketplace.mendix.com/link/component/66443) not sure if it works in Mx9.
After login to a Mendix app the username entered in the login form is in $currentUser/Name. The password is stored as hash in Mendix, but is a hash of what was typed in the login form. If you need the values as entered in the login form (the page where the user does not have a Mendix session yet, except for anonymous users redirected from the index page), you can send the form values to Mendix by an ajax REST call from the login page with a little Javascipt code and store them connected to the account for later retrieval in a microflow after login.