Three-legged OAuth / OpenID Connect authentification requires an Authorization Endpoint. This might be useful for third party web applications and login to other services via library account, but there is no actual use case so far.

See #15 for some earlier discussion of this topic.

See https://gbv.github.io/paia-oauth/oauth-applications.html for a mockup