1. Session management support
The OpenID Connect work group is drafting an extension to let client applications manage end-user sessions, including logout. We intend to implement it once the specification becomes final or sufficiently stable.
2. Pairwise identifiers
The Connect2id server supports the default public identifiers for users. Pairwise identifiers is an alternative identifier type that strengthens end-user privacy.
3. Support public client keys
OpenID Connect has an option for client applications to register public JSON Web Keys (JWKs), typically RSA, and use these instead for authentication and securing the various artifacts passed to / from the server.
- Support registration of client public RSA JWKs.
4. Encrypted ID tokens
The Connect2id server issued signed (JWS) ID tokens. Adding encryption (JWT) to them can ensure the confidentiality of issued identity information. We don't see much demand for that at present and ID token encryption is likely to be implemented in a later release of the Connect2id server.
5. Support optional
request_object parameters in OpenID Connect authentication requests
These can be used for prepackaged requests from client applications and also as a form of client authentication in the implicit flow.
6. Aggregated and distributed claims
Aggregated and distributed claims is an option for delivering UserInfo claims from third-party OpenID Connect providers.
1. Support for assertion-based OAuth 2.0 grants
The Connect2id server implements the principal OAuth 2.0 authorisation code, implicit, refresh token, resource owner password and client credentials grants. In the next major release we're going to cover the remaining assertion grants: