
Disable built-in WordPress login / password reset / signup via wp-login.php #477

@zabalajka


Is your feature request related to a problem? Please describe.
Let's suppose a company using WordPress with the OIDC plugin wants to allow login only for users registered in / managed by the Identity Provider. After the initial setup of the WordPress instance and OIDC configuration by the default administrator account, they want to delegate all user management outside of WordPress (e.g. they operate several smaller websites all connected to the same Identity Provider with a shared user base).

At the moment these limitations exist:

  1. it is still possible to open wp-login.php and attempt to log in using a WordPress username/password
    • This will fail for any user that was created by OIDC with the function Create user if they do not exist, because the password was never set. This doesn't affect the functionality, but is not ideal.
    • If the company decided not to delete the default administrator account, or forgot to, an attacker can attempt to guess the username/password.
    • By trying logins with various email addresses, it is possible to determine whether a user with such an email address is registered in the given WordPress instance, and by extension, in the Identity Provider. By default, WordPress specifically tells you that the user is registered but the password is wrong, not the general message "username and/or password is incorrect".
  2. it is possible to open wp-login.php?action=register and register a user in WordPress without the Identity Provider knowing about it
    • This can be solved by the standard setting in WordPress > Settings > General > Membership / Anyone can register. This setting, however, could be slightly confusing together with the OIDC options Create user if they do not exist and Link existing user.
  3. it is possible to open wp-login.php?action=lostpassword and possibly request a new password for any user that was created from the Identity Provider's user details; afterwards, the user could log in without interaction with the Identity Provider (e.g. the user could overcome blocking/blacklisting within the Identity Provider).

Describe the solution you'd like
It would be nice if the OIDC plugin were able to disable the built-in WordPress functionality for login, password reset and signup. This would be configured in the settings and turned off by default.

Describe alternatives you've considered

  • Limitation 1 can be limited by using another plugin that blocks repeated invalid login attempts. But it will not solve it completely.
  • Limitation 2 can be solved by the WordPress setting.
  • I don't have an alternative solution for Limitation 3.

I suppose there are some other plugins that could handle this; I haven't looked for them intensively. However, I'd prefer to keep login functionality in one plugin.

Additional context
None.

I will be making a PR for this since I have a working solution.
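As an added illustration of the three changes requested above (this is not the OIDC plugin's code nor the author's PR), the following mu-plugin style snippet uses only WordPress core hooks to switch off password login, signup and password reset on wp-login.php while leaving cookie-based sessions (which an OIDC callback establishes) untouched. The option name `oidc_disable_builtin_login` and the break-glass constant `OIDC_ALLOW_PASSWORD_LOGIN` are assumptions standing in for the proposed off-by-default setting.

```php
<?php
/**
 * Plugin Name: Disable built-in wp-login.php paths (illustrative example)
 * Not the OIDC plugin's own code. Option and constant names are assumptions.
 */

// Off by default, as the issue proposes. The wp-config.php constant is an
// assumed break-glass switch so a misconfigured IdP cannot lock everyone out.
if ( ! get_option( 'oidc_disable_builtin_login', false )
    || ( defined( 'OIDC_ALLOW_PASSWORD_LOGIN' ) && OIDC_ALLOW_PASSWORD_LOGIN ) ) {
    return;
}

// 1. Username/password login. Core registers these two authenticators in
//    default-filters.php (before plugins load), so they can be removed here.
//    Cookie auth (wp_authenticate_cookie) stays, so OIDC sessions keep working.
remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );

// Any submitted credentials get one generic error, so the response no longer
// reveals whether the username/e-mail exists (the enumeration point above).
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( $user instanceof WP_User ) {
        return $user; // Already authenticated, e.g. via the auth cookie.
    }
    if ( '' !== $username || '' !== $password ) {
        return new WP_Error( 'password_login_disabled',
            'Password login is disabled. Please sign in via the Identity Provider.' );
    }
    return $user;
}, 30, 3 );

// 2. Signup: force "Anyone can register" off, regardless of the Membership
//    setting. Users created by the OIDC flow (wp_insert_user) are unaffected.
add_filter( 'option_users_can_register', '__return_zero' );

// 3. Password reset: refuse reset requests for every account, so a reset
//    e-mail can never bypass a block or blacklist applied in the IdP.
add_filter( 'allow_password_reset', '__return_false' );

// Send the register / lostpassword / reset screens back to the login form,
// which still carries whatever OIDC login button the plugin renders there.
add_action( 'login_init', function () {
    $action  = isset( $_REQUEST['action'] ) ? (string) $_REQUEST['action'] : 'login';
    $blocked = array( 'register', 'lostpassword', 'retrievepassword', 'rp', 'resetpass' );
    if ( in_array( $action, $blocked, true ) ) {
        wp_safe_redirect( wp_login_url() );
        exit;
    }
} );
```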

Labels: enhancement (Issues & PRs related to new features.)