There likely is an off the shelf OIDC SP provider you can use for the actual "hard parts".
If you already use something like "Sign in with {Google,Facebook,Twitter,Apple}" you are already doing part of it.
I have built several products now with OIDC support for authentication (not authorization) and it has never taken more than a day or two to wire it up.
If you already use something like "Sign in with {Google,Facebook,Twitter,Apple}" you are already doing part of it.
I have built several products now with OIDC support for authentication (not authorization) and it has never taken more than a day or two to wire it up.