[dwaite]

1. You can use OpenID Connect as a protocol to integrate (via federation) with a site that provides authenticator management. This is AFAIK how most deployments work today - even if that OpenID Provider winds up being something you run or you pay to be run for you (AKA a CIAM solution).

2. There is an upcoming specification, Self-Issued OpenID Providers v2, which provides a redirection flow to an agent such as a native app or PWA app. This does look a bit different from traditional OpenID Connect though, as each End-user is effectively its own issuer with its own public key pair.

Since the browser and platform will have integrated support for FIDO/WebAuthn tech, they may still provide a better experience for equivalent scenarios.