Roadmap
1. OAuth
1.1 OAuth 2.0 client attestation
draft-ietf-oauth-attestation-based-client-auth enables a public OAuth client to include a key-bound attestation in its interactions with an authorisation or resource server. It is intended for platform-specific (Android, iOS) validation of client instances of mobile native apps and for Verified Credentials (VC) wallet applications.
1.2 OAuth 2.0 Protected Resource Metadata
RFC 9728 defines a JSON document format to describe an OAuth 2.0 protected resource, such as a token-secured web API, so that an OAuth 2.0 client or authorisation server can interact with it.
1.3 Grant Management for OAuth 2.0
FAPI Grant Management is an extension developed at the FAPI working group. It provides a method for an OAuth 2.0 client to manage its grants with an authorisation server in an explicit and accountable way.
2. OpenID Connect
2.1 OpenID Connect for Identity Assurance 1.0 enhancements
eKYC / Identity Assurance is an OpenID Connect extension enabling client applications to verify the identity of end-users with national eID schemes, banks, etc.
Version 9.21 of the SDK updated support to draft 12 of the spec and introduced
object-oriented support with strong typing for the verified_claims element in
ID tokens and UserInfo responses.
The verification parameter in claims requests can also benefit from proper
object-orientation with strong typing.
3. OpenID Federation 1.0
OpenID Federation 1.0 represents the second most significant protocol that originates from work at the OpenID Foundation, after the completion of OpenID Connect in 2014. Given its applications in eIDAS 2.0, digital wallets and trust infrastructure, and its potential as a replacement for X.509 in TLS, Connect2id invested considerably in its development, testing and implementation.
In 2026, when the specification is expected to become final, the current implementation in the SDK needs to be rewritten in order to incorporate the latest changes and features.