I've been looking into Auth(N|Z) for an ASP .Net WebAPI app, which would need to accommodate both web based logins and potentially app based logins further down the line. As far as I can see, the only clean (F)OSS method, that doesn't involve workarounds, and uses as much battle tested tech as possible, would be a custom OAuth2/OIDC provider written using .Net Identity and OpenIdDict
KC was almost there, but there's no deletion callbacks
Unless anyone has any suggestions?