Insights and release announcements
Blog
-
Connect2id server 19.12.1
Connect2id server 19.12.1
Connect2id server 19.12.1 is a maintenance release that fixes issues affecting the authorisation request validation changes introduced in version 19.10. Those changes added validation of the OAuth 2.0 state and OpenID Connect nonce...
Connect2id serverRead article -
Connect2id server 19.12
Connect2id server 19.12
Connect2id server 19.12 introduces a new low-level plugin interface (SPI) for intercepting OAuth 2.0 authorisation...
Connect2id serverRead article -
Connect2id server 19.11
Connect2id server 19.11
Connect2id server 19.11 introduces a small but useful configuration improvement for service-oriented deployments,...
Connect2id serverRead article -
Connect2id server 19.10 protects OAuth redirects against browser-swap attacks
Connect2id server 19.10 protects OAuth redirects against browser-swap attacks
Connect2id server 19.10 strengthens protection against browser-swap attacks by adding validation of state and nonce...
Connect2id serverRead article -
Connect2id server 19.9 introduces selective refresh token revocation
Connect2id server 19.9 introduces selective refresh token revocation
Connect2id server 19.9 brings more flexibility to token revocation and a couple of important fixes and updates. The...
Connect2id serverRead article -
Connect2id server 19.8
Connect2id server 19.8
Connect2id server 19.8 introduces support for seamless migration of OAuth 2.0 client authentication methods. This new...
Connect2id serverRead article -
Connect2id server 19.7
Connect2id server 19.7
Connect2id server release 19.7 ships an update to consent prompts to enable IdPs easy access to previous decisions...
Connect2id serverRead article -
Connect2id server 19.6 introduces a web session bootstrap endpoint
Connect2id server 19.6 introduces a web session bootstrap endpoint
Integrated web session bootstrap for native apps Connect2id server 19.6 introduces a groundbreaking feature - a web...
Connect2id serverRead article -
Protecting OAuth code flows against browser-swap attacks
Protecting OAuth code flows against browser-swap attacks
The browser swap attack is not a new attack. It was first theorised in 2022 by a team of researchers commissioned by...
OAuth 2.0Read article -
Nimbus JOSE+JWT roadmap for 2026 and Beyond
Nimbus JOSE+JWT roadmap for 2026 and Beyond
As the JOSE ecosystem continues to evolve, we are now in a phase where modern cryptography is being reshaped by two...
JOSERead article -
Connect2id server 19.5
Connect2id server 19.5
The DPoP (RFC 9449) OAuth 2.0 security extension enables a client to bind an access token to a private key...
Connect2id serverRead article -
Connect2id server 19.4
Connect2id server 19.4
This Connect2id server release ships full DPoP support for applications using the token exchange grant. It also...
Connect2id serverRead article -
Connect2id server 19.3
Connect2id server 19.3
This Connect2id server release updates OpenID Federation support for deployments that require compliance with the...
Connect2id serverRead article