Authentication using federated identity

[Chris Rapier]

I know that there are some methods to use federated identities (e.g. 
OAuth2) with SSH authentication but, from what I've seen, they largely 
seem clunky and require users to interact with web browsers to get one 
time tokens. Which is sort of acceptable for occasional logins but 
doesn't work with automated/scripted actions.

I'm just wondering if anyone has done any work on this or has thoughts 
on it. I know it would be useful in some contexts (in my case, cross 
realm access of independent yet federated services that are pretty 
common in R&E HPC communities (e.g. ACCESS)).

Chris