Hey, I've created an OpenID/OAuth2 Provider that integrates with the BYOND hub. Anyone is free to sign up to use it altho client registration is done manually. The project is mostly open source at https://github.com/alexkar598/bab, and hosted at https://bab.yogstation.net. The OpenID code and id_token grants are implemented along with OpenID discovery (). Unfortunatly, due to a critical component being closed source(the bit that talks to the BYOND hub), it is not possible to self host this and if you want to use this, you have to trust me and my service to return the correct information on users. For people without the ability to use auto discovery, the endpoints are located at the following locations:
-Authorize: https://bab.yogstation.net/auth/authorize
-Token: https://bab.yogstation.net/auth/token
-Userinfo: https://bab.yogstation.net/auth/userinfo
-Signing keys: https://bab.yogstation.net/auth/keys

Security information:
- Obviously, you have to trust me to return accurate information about users
- If intercepted, the byond certificate may allow an attacker to pose as a user(in the context of BAB, this does not allow account takeovers) until the certificate expires or the user logs out of BYOND in their web browser (tokens will however still be valid)
- Signing keys are rotated every 3 days, old keys are purged and no longer published after 15 days. Private keys are always deleted as soon as a new one is generated (every 3 days)
- Improper setups may result in security vulnerabilities in the way you interact with my service. If you aren't sure of what you're doing, always pass the state parameter to /authorize and do not request the id_token grant or a client of type Public

Sign up link: https://forms.gle/TY5AyaiuMYFZ272r8