[cratermoon]

SAML is way more of a beast to configure and maintain compared to any oauth-based flow. One reason is just that SAML is more complex, because it does a great many different things for many different use cases. The other reason is that setting up SAML requires humans to coordinate the trust setup and key exchange between the IDP and Relying Party. For typical setups, oauth is pretty much self-serve, but where I worked setting up a new SAML customer required a senior engineer to personally handle it every time.