Unlike SAML's "take this assertion" IdP-initiated flow, OIDC went for a "start an authentication with this IdP, for this user, and send them back here". Much, much safer.