Currently ZenRep uses a custom workflow to resolve login redirection requests. For services that expose an oAuth interface it would be far better to be able to route the user through oAuth (which would give a far more consistent user experience, and makes SSO support almost automatic for anyone with an oAuth provider.)

This should be relatively easy to implement on the ZenRep end of things. A set of fields would need to be provided in the admin console allowing the administrator to specify the clientid, clientsecret, and scope. URLs would also need to be indicated for the authorization request, the token request, and some API that ZenRep can use to exchange the access token for an SSO key (or the the user information directly, since encrypting for transit is redundant at this point).

Obviously, oAuth should just be an OPTIONAL alternative to the current flow, since the current flow works great for anyone not interested in running an oAuth provider.