by smalu 892 days ago
I do not know why OIDC has so many bad comments here. At my $company we are using Keycloak for multi-realm (multi-tenant) authentication of users and clients (applications). Yes, the learning curve is long for OIDC and even longer for Keycloak. The FreeMarker Template Engine is awful compared to Twig. Updates of Keycloak can break something, so better have a proper test/staging environment. But this is the tax for not implementing something that is not in the core domain of the organization.

OIDC solves problems for OAuth2 like "every Identity Provider has different endpoints" with OpenID Connect Discovery (/.well-known/openid-configuration).

2 comments

And then in real life I have to use the IdM of 5 car manufacturers. Their devs being in South Korea, China, US, Italy (we are in Germany).

Impossible to manage meetings. Impossible to adhere to the standard. Impossible to demand that they use the well-known config. Impossible to agree on a good UX (by using sane config values for token validity).

> OIDC solves problems for OAuth2 like "every Identity Provider has different endpoints" with OpenID Connect Discovery

Not really: https://www.rfc-editor.org/rfc/rfc8414.html
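The two discovery mechanisms named in this thread place the well-known suffix differently once the issuer has a path, as a multi-realm issuer does. The sketch below is an added example, not code from any commenter or from Keycloak: it builds both URLs and checks that a fetched document belongs to the issuer that was asked for. The issuer `https://idp.example.com/realms/tenant-a`, the sample document, and the policy of requiring three https endpoints are assumptions of this example.

```python
from urllib.parse import urlsplit, urlunsplit

OIDC_SUFFIX = "/.well-known/openid-configuration"
RFC8414_SUFFIX = "/.well-known/oauth-authorization-server"

# Constructed sample: a per-tenant issuer and the metadata it would publish.
ISSUER = "https://idp.example.com/realms/tenant-a"
SAMPLE_METADATA = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/jwks",
}

def _checked_issuer(issuer):
    """Split an issuer identifier, rejecting forms both specs forbid."""
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("issuer must be an https URL with a host")
    if parts.query or parts.fragment:
        raise ValueError("issuer must not carry a query or fragment")
    return parts

def oidc_discovery_url(issuer):
    """OpenID Connect Discovery: the suffix is appended after the issuer path."""
    p = _checked_issuer(issuer)
    return urlunsplit(("https", p.netloc, p.path.rstrip("/") + OIDC_SUFFIX, "", ""))

def rfc8414_metadata_url(issuer):
    """RFC 8414: the suffix is inserted between the host and the issuer path."""
    p = _checked_issuer(issuer)
    return urlunsplit(("https", p.netloc, RFC8414_SUFFIX + p.path.rstrip("/"), "", ""))

def validate_metadata(expected_issuer, metadata):
    """Accept a metadata document only if it names the issuer we configured."""
    # Exact string match: a document naming another issuer must not be trusted.
    if metadata.get("issuer") != expected_issuer:
        raise ValueError("issuer mismatch: metadata does not belong to this issuer")
    # Policy of this example (assumption): these three endpoints must be https.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(metadata.get(key, "")).scheme != "https":
            raise ValueError(key + " missing or not https")
    return metadata

if __name__ == "__main__":
    print(oidc_discovery_url(ISSUER))
    print(rfc8414_metadata_url(ISSUER))
    print(validate_metadata(ISSUER, SAMPLE_METADATA)["token_endpoint"])
```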