I think I would suggest offering like a provider template / superclass, and then allow anyone to create provider packages. that's how Passport and OmniAuth in Node and Ruby work. that feels like a good balance to me, where if someone writes a custom strategy they could share it with others without necessarily needing your team's review and approval