I guess this is kind of a Development question as well. I want to self-host Joplin Server for my own use, but I use single sign-on for all my self-hosted apps.
Would maintainers be open to a PR adding OpenID Connect support to Joplin Server? The idea would be to have a "Or log in with single sign-on" link on the login page, then an "App Passwords" section of the user form/profile page. SSO users would then use the app passwords for authentication in the Joplin clients.
Just tinkering, I've got OIDC login working, but don't want to code up the app password hashing/storage/UI/&c. unless there's interest in a PR.
(As an aside, this came about bc I couldn't find an acceptable way to sync Joplin notes with the sync targets when using SSO. I use Seafile, which doesn't support SSO for WebDAV; there's no Android client that actively syncs filesystem to Seafile with SSO credentials, so I can't use filesystem sync; and Joplin Server doesn't yet support SSO.)