Quick progress update, I worked on it for a bit here: christiaangoossens/hass-oidc-auth: OpenID Connect authentication provider for Home Assistant (github.com). Implementing OAuth/OpenID is not the problem, I can do that and it’s very well possible (@elupus already made a basic version in the past), even as a plugin.
The problem is that the login screen has no way to redirect to some external URL properly (in a native browser view, instead of the normal HA view) and get back the callback code. The only - hacky - option is to use a popup, but I really don’t like that. In Android and iOS, the apps will also have to support opening either the native browser, a Android Custom Tab or SFSafariViewController with proper TLS support, hostname visibility and all CSS features (so Authentik also renders correctly).
However, I don’t know enough about the mobile and core code of HA to make this work and I sadly don’t have the time to find out. If anyone wants to pick that up, and make it possible to call a function for external redirect (I made a start in Allow DataEntryFlowStepExternal on the login screen by christiaangoossens · Pull Request #14471 · home-assistant/frontend (github.com), I am happy to assist you with the OIDC part.