OIDC Bridge #1314

@jonaswre

Description

While Peergos provides storage integration via WebDAV/FUSE, there's no identity integration with legacy applications. Users must manually create separate accounts in each self-hosted app, losing the benefits of Peergos' unified identity system.

Proposed Solution

Add an OIDC provider bridge (similar to WebDAV bridge) that allows legacy applications to authenticate against Peergos identities.

Core Components

  1. OIDC Provider Service: Local service implementing OpenID Connect endpoints
  2. Application Registration: Sandboxed Peergos app for managing integrations
  3. Per-Application Tokens: Secure, cryptographically-derived tokens for each registered app
  4. Access Sharing: Share application access with other Peergos users

User Workflow

  1. Setup: Run OIDC bridge, register legacy app (e.g., AudioBookshelf) via Peergos app
  2. Access Management: Share app access through existing Peergos sharing, users generate per-app tokens
  3. Authentication: Legacy app redirects to Peergos OIDC → user authenticates with token → validated against main Peergos identity

Use Cases

  • AudioBookshelf: WebDAV-mounted collection + Peergos authentication for household
  • Immich: Photo sharing with decentralized storage
  • Jellyfin: Media streaming with Peergos backend
  • Any OIDC-compatible self-hosted application

Technical Requirements

OIDC Endpoints

  • /.well-known/openid-configuration
  • /oauth2/authorize, /oauth2/token, /oauth2/userinfo, /oauth2/jwks
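The following is an added example, not code from the issue or from the Peergos project: a minimal, stdlib-only model of the endpoints listed above and of the "legacy app redirects to Peergos OIDC" workflow step, using the authorization-code flow with PKCE. The issuer URL, client id and redirect URI are constructed placeholders, and ID tokens are signed with HS256 purely to keep the demo self-contained; a real bridge would sign with an asymmetric key and publish the public half at /oauth2/jwks.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical issuer URL for the bridge (assumption, not a real deployment).
ISSUER = "https://peergos.example/oidc"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


class OidcBridge:
    """Authorization-code + PKCE provider modelled on the endpoints the issue lists."""

    def __init__(self, signing_key: bytes, issuer: str = ISSUER):
        self.issuer = issuer
        self._key = signing_key   # HS256 demo key; real bridge: asymmetric key served via /oauth2/jwks
        self._clients = {}        # client_id -> registered redirect URIs and allowed scopes
        self._codes = {}          # one-time authorization codes -> pending grant

    def discovery(self) -> dict:
        """Content served at /.well-known/openid-configuration."""
        return {
            "issuer": self.issuer,
            "authorization_endpoint": f"{self.issuer}/oauth2/authorize",
            "token_endpoint": f"{self.issuer}/oauth2/token",
            "userinfo_endpoint": f"{self.issuer}/oauth2/userinfo",
            "jwks_uri": f"{self.issuer}/oauth2/jwks",
            "response_types_supported": ["code"],
            "grant_types_supported": ["authorization_code"],
            "code_challenge_methods_supported": ["S256"],
            "id_token_signing_alg_values_supported": ["HS256"],   # demo simplification
            "scopes_supported": ["openid", "profile"],
        }

    def register_client(self, client_id: str, redirect_uris: list, scopes: list) -> None:
        self._clients[client_id] = {"redirect_uris": set(redirect_uris), "scopes": set(scopes)}

    def authorize(self, client_id, redirect_uri, scope, state, code_challenge, user, now=None) -> dict:
        """/oauth2/authorize, reached after the user authenticated with their per-app token."""
        client = self._clients.get(client_id)
        if client is None or redirect_uri not in client["redirect_uris"]:
            raise ValueError("unknown client or redirect_uri not registered")  # exact match only
        requested = set(scope.split())
        if "openid" not in requested or not requested <= client["scopes"]:
            raise ValueError("scope not allowed for this client")
        code = secrets.token_urlsafe(32)
        self._codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri, "scope": requested,
                             "code_challenge": code_challenge, "sub": user,
                             "expires": (now or time.time()) + 60}
        return {"code": code, "state": state}   # state is echoed so the client can bind the response

    def token(self, client_id, code, redirect_uri, code_verifier, now=None) -> dict:
        """/oauth2/token: exchange a single-use code for an ID token."""
        now = now or time.time()
        grant = self._codes.pop(code, None)      # pop makes the code single-use
        if grant is None or grant["expires"] < now:
            raise ValueError("invalid or expired code")
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise ValueError("code was issued to a different client or redirect_uri")
        expected = b64url(hashlib.sha256(code_verifier.encode()).digest())
        if not hmac.compare_digest(expected, grant["code_challenge"]):
            raise ValueError("PKCE verification failed")
        claims = {"iss": self.issuer, "sub": grant["sub"], "aud": client_id, "iat": int(now),
                  "exp": int(now) + 3600, "scope": " ".join(sorted(grant["scope"]))}
        return {"token_type": "Bearer", "expires_in": 3600, "id_token": self._sign(claims),
                "access_token": secrets.token_urlsafe(32)}

    def _sign(self, claims: dict) -> str:
        header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
        body = b64url(json.dumps(claims, separators=(",", ":")).encode())
        sig = hmac.new(self._key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        return f"{header}.{body}.{b64url(sig)}"

    def verify_id_token(self, token: str, client_id: str, now=None) -> dict:
        """What the legacy app must check: signature, issuer, audience and expiry."""
        header, body, sig = token.split(".")
        expected = hmac.new(self._key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64url(expected), sig):
            raise ValueError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        if claims["iss"] != self.issuer or claims["aud"] != client_id or claims["exp"] < (now or time.time()):
            raise ValueError("issuer, audience or expiry check failed")
        return claims


def demo_flow(now: float = 1_700_000_000.0) -> dict:
    """Constructed end-to-end run: register AudioBookshelf, authorize, exchange code, verify ID token."""
    bridge = OidcBridge(signing_key=secrets.token_bytes(32))
    cb = "https://abs.home.example/auth/openid/callback"   # constructed redirect URI
    bridge.register_client("audiobookshelf", [cb], ["openid", "profile"])
    verifier = secrets.token_urlsafe(48)
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())
    resp = bridge.authorize("audiobookshelf", cb, "openid profile", "xyz", challenge, user="alice", now=now)
    tokens = bridge.token("audiobookshelf", resp["code"], cb, verifier, now=now)
    return bridge.verify_id_token(tokens["id_token"], "audiobookshelf", now=now)
```

The checks worth copying into a real bridge are the ones that fail closed here: exact redirect_uri matching against the registration, scope subset enforcement, single-use short-lived codes, and PKCE binding of the code to the client that started the flow.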

Security Features

  • Cryptographically-derived per-app tokens (no plaintext storage)
  • Token revocation capabilities
  • Scoped permissions (read-only, specific folders, etc.)
  • Common app templates
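As an added illustration (not code from the issue or from Peergos) of how the three features above fit together, this stdlib-only Python sketch derives a per-app token from a user root secret with HKDF-SHA256, so nothing token-shaped is ever stored; verification recomputes the token and compares it in constant time, revocation bumps a per-app generation counter that feeds the KDF, and each app carries a scope set that is checked on use. The root secret location, the info-string format and the scope names are assumptions for the example.

```python
import base64
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF extract-and-expand with SHA-256, implemented with hmac only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class PerAppTokenStore:
    """Derives, checks and revokes per-application tokens without storing any token.

    Only the user's root secret and a small per-app record (scopes, revocation
    generation) are kept; every token is recomputed from those on demand.
    """

    def __init__(self, identity_root_secret: bytes):
        self._root = identity_root_secret   # assumed to live in the user's encrypted Peergos space
        self._apps = {}

    def register_app(self, app_id: str, scopes) -> None:
        self._apps[app_id] = {"scopes": frozenset(scopes), "generation": 0}

    def _derive(self, app_id: str, generation: int) -> bytes:
        # Domain-separated info: app id and revocation generation both feed the KDF,
        # so different apps and different generations get unrelated tokens.
        info = b"peergos-oidc-bridge/app-token|%s|%d" % (app_id.encode(), generation)
        return hkdf_sha256(self._root, salt=b"peergos-app-token-v1", info=info)

    def issue_token(self, app_id: str) -> str:
        """Token the user pastes into the legacy app: '<app_id>.<base64url key material>'."""
        rec = self._apps[app_id]
        secret = self._derive(app_id, rec["generation"])
        return app_id + "." + base64.urlsafe_b64encode(secret).rstrip(b"=").decode()

    def verify(self, token: str):
        """Return the app's scope set if the token is current, else None."""
        app_id, _, presented = token.partition(".")
        rec = self._apps.get(app_id)
        if rec is None:
            return None
        expected = self.issue_token(app_id).partition(".")[2]
        if not hmac.compare_digest(expected, presented):   # constant-time comparison
            return None
        return rec["scopes"]

    def revoke(self, app_id: str) -> None:
        """Bump the generation: every previously issued token for this app stops verifying."""
        self._apps[app_id]["generation"] += 1

    def allows(self, token: str, needed_scope: str) -> bool:
        """Scope check for a request, e.g. 'read' or 'folder:/Audiobooks'."""
        scopes = self.verify(token)
        return scopes is not None and needed_scope in scopes
```

Because the token is a pure function of (root secret, app id, generation), a second device holding the same root secret reproduces it without any synchronisation, which is what makes "no plaintext storage" workable.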

Benefits

  • Lower adoption barriers for existing self-hosters
  • Unified identity management across all household services
  • Privacy preserved - data stays in Peergos
  • Gradual migration path from centralized systems

Questions

  1. Separate service or integrate into core Peergos?
  2. Preferred approach for token derivation?
  3. How to handle app registration workflows?
  4. Which OIDC scopes to support initially?

This enables seamless integration of proven applications while maintaining Peergos' privacy and decentralization benefits, particularly valuable for household self-hosting setups.