@dansup I think I'd prefer each instance being an actual OIDC IdP and having the client (app or browser extension) provide the sign-in endpoint for redirection.