I have been reading about the new OIDC system (since Element now has a QR code login). I can’t seem to understand the purpose of it, as it seems that Matrix already has all of the features wanted, but simpler. Why would there need to be a new OIDC system, if signing in with services like Google or GitHub is already supported and configurable per homeserver? Why would regular user+password login need to be reimplemented, but now require a website to log in instead of being able to log in through something like a terminal?
Here’s an announcement of the Matrix 2.0 spec, which includes a switch to the new OIDC system:
https://matrix.org/blog/2024/10/29/matrix-2.0-is-here/
That links to this Matrix spec proposal:
https://github.com/matrix-org/matrix-spec-proposals/blob/hughns/delegated-oidc-architecture/proposals/3861-delegated-oidc-architecture.md
IMO the tl;dr is that they’re switching to a widespread standard that has a lot of development around it and security auditing. It will take a lot less of their time to just use that vs. maintaining their own stack. OIDC will let you use Google/GitHub-style “Login with…” approaches, but you can use that with any other service that supports OIDC, not just a few blessed services.
There’s also this site with a “Why?” section: https://areweoidcyet.com/#why