Huh, yeah, that is weird. Not sure why there isn't a solid OIDC implementation for passportjs.

You could use the FusionAuth typescript client. It's open source; here's the github repo.

FusionAuth should be OIDC compliant so any NestJS example application that works with OIDC should be fine. Here are some posts to review:

https://sdoxsee.github.io/blog/2020/02/05/cats-nest-nestjs-mongo-oidc.html#add-oidcstrategy https://github.com/Finastra/finastra-nodejs-libs/tree/develop/libs/oidc https://github.com/panva/node-oidc-provider (a node OIDC provider)

As for why you might want to avoid okta, I would just advise looking at the pricing page before committing. 🙂