I'm ready with initial support for short-lived SSH certificates generated on-demand by a Certificate Authority with authentication through OpenID.

I want this to work with a wide variety of Certificate Authority configurations, but my testing has been limited to the setup described here: https://smallstep.com/blog/diy-single-sign-on-for-ssh/

Your feedback is essential. Please join the TestFlight and help battle-test this to make sure it works well for your setup: https://testflight.apple.com/join/YEECE7b4