Also it appears that together with OIDC Core, OIDC Discovery and OIDC Registration from 2014, we'll soon get OIDC Federation, which combines the two last named protocol extension to a more glorious mess:
* On the journey to an Implementer’s Draft: OpenID Federation draft 31 published – Mike Jones: self-issued post 
* OpenID Federation 1.0 - draft 32 page
For me it's usually not hard to set things up, like an Identity Provider called Keycloak or Authentik, but to maintain the installation in the long term, and keeping it secure and operational over time.
is not far away from OAuth2, since it builds on it, but configuration is much easier and reduced to three variables: matrix
* OIDC discovery endpoint (under `/.well-known/openid-configuration) * client key * client secret