Comment by apitman
24 days ago
I think you could get pretty close with OAuth2. You could also have the frontend be a centralized app, but allow people to host their own servers. If the entity controlling the frontend goes off the rails you still have a pretty simple exit strategy.
OAuth2 is a failed protocol - it's more of a set of guidelines for vendors to implement proprietary authentication systems, all incompatible with each other.
There's nothing stopping you from building interoperable protocols on top of OAuth2. I've done it a couple times.
OpenID Connect is another example.
OAuth2 has some worts, but I think it's worth the tradeoffs.