From what I understand this handles only authentication and provides tokens that may be used for additional (undefined APIs).
What bugs me about this (and all the oAuth implementations out there) is that you never just want authentication. You also want to know things about the user (username, name, email, avatar, etc) - but to get this you have to implement a plethora of APIs for the various services, because they are all different. I wish fetching profile info would be part of the standard.
That's basically what we have to do as a SAML service provider. Most SAML identity providers don't release identifying information—out of apathy or ignorance usually, not because of privacy concerns—so we take whatever (hopefully persistent) identifier we're given, re-identify the user at registration time, and call it a day.
I've never seen a SAML IdP that can't release that stuff as claims when configured properly. Are you having trouble getting people to do that when you use SAML?
Oh sure, a SAML IdP or OIDC OP _can_ release all kinds of info, but they generally don't if our experience with InCommon and eduGAIN IdPs is any guide. We even made sure we complied with REFEDS R&S (https://refeds.org/category/research-and-scholarship/).
OpenID Connect, aka. 'OIDC', is widely deployed. It's a compatible extension on top of OAuth 2.0, the latter of which was often used to provide third-party apps some delegated access to users' data at some data silo. This all coincided with the proliferation of HTTP-native APIs inspired by the easiest-to-implement tenets of REST. The payload of OIDC and OAuth 2.0 can be carried with in HTTP headers, which is a good fit for these APIs and simplifies implementation.
OIDC is used by some branded 'sign-in' buttons like 'Sign-in with Google' [1], and the new 'Sign in with Apple' feature is a close copy of the OIDC, if not yet directly conformant and compatible [2].
What bugs me about this (and all the oAuth implementations out there) is that you never just want authentication. You also want to know things about the user (username, name, email, avatar, etc) - but to get this you have to implement a plethora of APIs for the various services, because they are all different. I wish fetching profile info would be part of the standard.