Tags: oauth, oauth-2.0, openid, openid-connect, google-openid

OpenID vs OpenID Connect vs OAuth which to use and how to implement?


I wish to set up a login system where I would be making multiple independent web (rails, Django, node, php, etc.) and Android applications to be used by students of my institute, and all of these applications should use only one account with one username and password. I searched for state-of-the-art methods for doing this and found out about OpenID, OpenID Connect and OAuth 2.0. I do understand the difference between them; however, what I am confused about is which to use here.

The system should be something similar to what Google has implemented. Google has https://accounts.google.com where you can manage your account, password, profile, etc. Similarly, there should be a website where the users sign up and create their account (let it be accounts.xyz.com). When you open an application, you should enter the username and password which you set up on accounts.xyz.com, and this gives the application access to some (or all) user data.

Alternatively, there can be a simple "Sign in with accounts.xyz.com" button on each application which does the same work as the username and password login.

Which of the two methods is better, what is to be used to implement it, and how to implement it? Is there a simpler way of doing it so that I can make sure only students of my institute have access to the application?


Solution

  • OpenID is deprecated in lieu of OpenID Connect.

    OAuth 2.0 is for delegation to an Application for accessing of APIs. So, use OpenID Connect.

    To sign in with accounts.xyz.com would require you to implement your own OpenID Connect Provider or some alternative Authentication method.
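The answer recommends OpenID Connect, and the "Sign in with accounts.xyz.com" button described in the question is the OIDC authorization code flow from the relying party's side. The following is an added example, not code from the question, the answer or any project: it shows what the application has to do in that flow, i.e. build the authorization request with `state`, `nonce` and PKCE, check the `state` when the provider redirects back, validate the ID token claims (issuer, audience, expiry, nonce) once its signature has been verified, and then apply the institute-only rule by requiring a verified e-mail address on the institute's domain. The issuer `https://accounts.xyz.com`, its `/authorize` endpoint, the client id, redirect URI and domain are assumed placeholders; a real deployment would take the endpoints from the provider's discovery document and verify the ID token signature with a JOSE library before calling `validate_id_token_claims`.

```python
"""Minimal OpenID Connect relying-party helpers (authorization code flow + PKCE).

Added example; the provider at accounts.xyz.com and all client settings below
are hypothetical placeholders, not values from the question or answer.
"""
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical provider and client settings (placeholders).
ISSUER = "https://accounts.xyz.com"
AUTHORIZATION_ENDPOINT = ISSUER + "/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.edu/callback"
INSTITUTE_DOMAIN = "xyz.com"  # only students with a verified @xyz.com address get in


def _b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_authorization_request(state=None, nonce=None, code_verifier=None):
    """Return (authorization_url, session_values_to_store).

    state protects the callback against CSRF, nonce binds the ID token to this
    login attempt, and the PKCE challenge binds the code to this client instance.
    """
    state = state or secrets.token_urlsafe(32)
    nonce = nonce or secrets.token_urlsafe(32)
    code_verifier = code_verifier or secrets.token_urlsafe(64)  # 86 chars, within 43..128
    code_challenge = _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email profile",
        "state": state,
        "nonce": nonce,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    url = AUTHORIZATION_ENDPOINT + "?" + urlencode(params)
    session = {"state": state, "nonce": nonce, "code_verifier": code_verifier}
    return url, session


def parse_callback(callback_url, session):
    """Check the redirect back from the provider and return the authorization code."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError("provider returned error: " + qs["error"][0])
    if qs.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch (possible CSRF)")
    code = qs.get("code", [None])[0]
    if not code:
        raise ValueError("missing authorization code")
    # The code is then exchanged at the token endpoint together with session["code_verifier"].
    return code


def validate_id_token_claims(claims, session, now=None):
    """Validate ID token claims (after the signature has been verified) and return the identity."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != session["nonce"]:
        raise ValueError("nonce mismatch (possible replay)")
    return {"sub": claims["sub"], "email": claims.get("email")}


def is_institute_member(claims):
    """Authorization step: accept only verified e-mail addresses on the institute domain."""
    email = claims.get("email", "")
    return bool(claims.get("email_verified")) and email.lower().endswith("@" + INSTITUTE_DOMAIN)
```

Authentication (who the user is) comes from the validated ID token; the institute-only rule is a separate authorization decision, which is why `is_institute_member` is kept apart from `validate_id_token_claims`. If the provider is the institute's own, the same check can instead be enforced by the provider refusing to issue accounts outside the institute.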