Comment by gebalamariusz
4 hours ago
Overall, it's interesting. OIDC is probably the most common practice for inter-service authentication today. The problem is that in practice, I've seen many configurations where OIDC could be used as an attack vector (missing sub claim condition, which effectively allows any token to assume the role).
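As an added illustration of the misconfiguration the comment describes (example code, not the commenter's): a small evaluator for an IAM-style trust-policy Condition block, run against constructed OIDC claims so the weak and hardened policies can be compared. It assumes an AWS role trusted by the GitHub Actions OIDC provider (the `aud`/`sub` condition keys and the `repo:ORG/REPO:ref:...` subject format); the organisation, repository and branch names are placeholders.

```python
import fnmatch

ISSUER = "token.actions.githubusercontent.com"  # assumed OIDC provider host

# Weak trust policy: checks only the audience, so any token this provider
# mints (including one issued to an unrelated repository) can assume the role.
WEAK_POLICY = {
    "Effect": "Allow",
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}},
}

# Hardened trust policy: also pins the subject to one repository and branch.
HARDENED_POLICY = {
    "Effect": "Allow",
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
        "StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
        "StringLike": {f"{ISSUER}:sub": "repo:example-org/example-app:ref:refs/heads/*"},
    },
}

# Constructed claim sets (placeholder names): the intended workflow's token and
# a token the same issuer minted for an unrelated organisation's repository.
LEGIT_CLAIMS = {"aud": "sts.amazonaws.com",
                "sub": "repo:example-org/example-app:ref:refs/heads/main"}
OTHER_REPO_CLAIMS = {"aud": "sts.amazonaws.com",
                     "sub": "repo:another-org/anything:ref:refs/heads/main"}


def condition_allows(policy: dict, claims: dict) -> bool:
    """True if every test in the policy's Condition block matches the claims.

    Models only StringEquals and StringLike (IAM '*'/'?' wildcards); a claim
    that is absent from the token never matches. A Condition with no sub test
    accepts any subject, which is the failure mode being demonstrated.
    """
    values = {f"{ISSUER}:{name}": value for name, value in claims.items()}
    for operator, tests in policy.get("Condition", {}).items():
        for key, expected in tests.items():
            actual = values.get(key)
            if actual is None:
                return False
            if operator == "StringEquals" and actual != expected:
                return False
            if operator == "StringLike" and not fnmatch.fnmatchcase(actual, expected):
                return False
    return True
```

Running the legitimate and the unrelated-repository claims through both policies shows that the weak one admits both while the hardened one admits only the pinned subject.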