How does this compare to Pomerium or other open source IAPs?

https://github.com/oauth2-proxy/oauth2-proxy

I've used that to gate-access to internal things behind gsuite domains, and it supports authentication against github and other providers too.