@dansupI think I'd prefer each instance being an actual OIDC IdP and having the client (app or browser extension) provide the sign-in endpoint for redirection.
Gregory's Server