Not necessarily OAuth, but more OpenID Connect in this case. Here’s the scenario:
We have an existing infrastructure that uses Keycloak backed by an LDAP server. We have 4 separate (but related) Web sites that are password protected using Keycloak as a single sign-on (SSO) server. An Apache reverse proxy sits in front of the 4 sites and protects all routes to the Web sites using mod_auth_openidc. The specific architecture I’ve described above is not really important.
What’s important to us is that we’re currently storing our user information in an LDAP server that we manage that uses an SSO server that we also manage. So we’d prefer to keep that existing SSO infrastructure, especially because we don’t want to store our user information in Netlify.
I suppose we could continue to deploy the reverse proxy in front of Netlify, but this doesn’t seem like the best approach. Better would be if you had an architecture whereby a different identity provider could be “plugged in.” And then yes, I suppose that identity provider would also need to handle authorization via OAuth.
So I guess my question was indeed somewhat about OAuth, but not primarily.