We are working on a ODIC setup with a German business partner for a larger German customer.
Auth0 is one of the major providers. We got it working but only with some tricks for now.
It turned out the Auth0 OIDC endpoint has a cache expiration for 15 seconds. This looks like a setting that can't be changed.
The Domino OIDC cache uses the expiration header to invalidate the cache. So our cache on the Domino side was constantly reloading and invalid in some cases.
You really have to have an expiration that is at least a couple of minutes. Better at least 1 hour.
Faking the cache expiration
This has been reported to HCL and the team is working on an enhancement.
Meanwhile I came up with a work-around setting up a Fake provider on a NGINX server to forward the requests.
This is a companion discussion topic for the original entry at https://blog.nashcom.de/nashcomblog.nsf/dx/auth0-oidc-openid-with-domino-some-other-interesting-findings.htm