I run a site which has phpBB, Bugzilla, and MediaWiki installed, for which I wrote a single-sign-on (SSO) system which has been in use since 2007. The existing system takes the username and password from the user, logs the user into each of the three components, collects all their cookies, and sends them back to the user. Each of the three components is using LDAP for its own authentication. This is ugly, but it has worked well enough.
Due to some changes to MediaWiki's core and LDAP extension stack, we can't successfully get cookies this way any more (the login API is now for bot logins only, and the new clientlogin API doesn't work with the LDAP stack). The old way still works fine for phpBB and Bugzilla, leaving us with SSO for only two of the three components. As an alternative, I've been advised by some MediaWiki devs to try doing SSO using a standard SSO setup, something like SAML, OIDC, Auth0, OAuth2, etc.---but this means I need also to use those for Bugzilla and phpBB.
I thought this would be easy to do with phpBB, but everything I've found so far is years old, unmaintained, incomplete, or people asking a similar question in, say, 2014.
What are my options currently for SSO in phpBB 3.3.4?