1. OpenID Connect

1.1 OpenID Connect Federation 1.0 with automatic client registration

Support for OpenID Connect Federation 1.0 with explicit client registration arrived in Connect2id server 10.0. The next step in the federation roadmap is support for automatic client registration, where a federated OpenID relying party is registered implicitly at the authorisation or PAR endpoint. Client authentication is performed by means of a signed request object (JWT), or by private key JWT or mTLS at the PAR endpoint. The client metadata is obtained from the RP's published entity statement.

2. OAuth 2.0

2.1 JWT-secured Authorisation Response Mode for OAuth 2.0

This is a new draft that has come out of the FAPI working group, to enable OAuth 2.0 authorisation responses to be packaged in a signed and optionally encrypted JWT.

2.2 OAuth Incremental Authorisation

OAuth 2.0 authorisation requests that include every scope the client might ever need can result in over-scoped authorisation and a bad end-user consent experience. The draft-ietf-oauth-incremental-authz spec enhances the OAuth 2.0 authorisation protocol by adding incremental authorisation: the ability to request specific authorisation scopes as needed, when they are needed, removing the requirement to request every possible scope upfront.

2.3 OAuth 2.0 Token Exchange

RFC 8693 is a protocol for a lightweight HTTP- and JSON-based Security Token Service (STS), defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.
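To make the impersonation / delegation distinction concrete, here is an added example (not Connect2id code) of a minimal STS handler for the RFC 8693 grant. It uses a constructed HMAC-signed toy token format in place of real JWTs, a placeholder issuer URL and a constructed key; the grant type and token type URNs, the `audience`, `actor_token` and `may_act` semantics and the `act` claim are the ones RFC 8693 defines. Without an `actor_token` the issued token simply names the subject (impersonation); with one, the actor is recorded in `act` (delegation), and the subject token's `may_act` claim, if present, must name that actor. The issued scope is never wider than the subject token's.

```python
import base64
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Constructed demo key and placeholder issuer; a real STS uses asymmetric JWS
# keys and a JWT library rather than this toy token format.
KEY = b"constructed-demo-key"
STS_ISSUER = "https://sts.example.com"
GRANT_TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"
TT_ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"
TT_JWT = "urn:ietf:params:oauth:token-type:jwt"
SUPPORTED_TOKEN_TYPES = {TT_ACCESS_TOKEN, TT_JWT}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def mint(claims: Dict) -> str:
    """Toy token: base64url(JSON claims) '.' base64url(HMAC-SHA256 over it)."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + sig


def verify(token: str, now: int) -> Dict:
    """Check the toy token's MAC and expiry; return its claims or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 2:
        raise ValueError("malformed token")
    body, sig = parts
    expected = _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


def token_exchange(form: Dict[str, str], now: int) -> Tuple[int, Dict]:
    """Token endpoint handler for the RFC 8693 grant: returns (HTTP status, JSON body)."""
    if form.get("grant_type") != GRANT_TOKEN_EXCHANGE:
        return 400, {"error": "unsupported_grant_type"}
    if form.get("subject_token_type") not in SUPPORTED_TOKEN_TYPES:
        return 400, {"error": "invalid_request", "error_description": "unsupported subject_token_type"}
    try:
        subject = verify(form.get("subject_token", ""), now)
    except ValueError as e:
        return 400, {"error": "invalid_request", "error_description": "subject_token: " + str(e)}

    # Never widen privilege: the issued token carries at most the subject token's scope.
    have = set(subject.get("scope", "").split())
    want = set(form.get("scope", "").split()) or have
    claims = {"iss": STS_ISSUER, "sub": subject["sub"], "iat": now, "exp": now + 300,
              "scope": " ".join(sorted(have & want))}
    if "audience" in form:
        claims["aud"] = form["audience"]  # re-target the token at the downstream resource

    if "actor_token" in form:
        # Delegation: the actor acts on behalf of the subject; record it in "act".
        if form.get("actor_token_type") not in SUPPORTED_TOKEN_TYPES:
            return 400, {"error": "invalid_request", "error_description": "unsupported actor_token_type"}
        try:
            actor = verify(form["actor_token"], now)
        except ValueError as e:
            return 400, {"error": "invalid_request", "error_description": "actor_token: " + str(e)}
        may_act = subject.get("may_act")
        if may_act is not None and may_act.get("sub") != actor["sub"]:
            return 400, {"error": "invalid_request", "error_description": "actor not authorised by may_act"}
        claims["act"] = {"sub": actor["sub"]}
    # Impersonation (no actor_token): the new token names the subject only.
    return 200, {"access_token": mint(claims), "issued_token_type": TT_ACCESS_TOKEN,
                 "token_type": "Bearer", "expires_in": 300, "scope": claims["scope"]}
```

The `now` parameter is passed explicitly so the handler is deterministic; a server would supply the current time. Note that the requested `scope` of `read admin` against a subject token scoped `read write` yields only `read`, which is the behaviour a resource server relying on the STS should be able to count on.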

2.4 OAuth 2.0 Device Authorisation Grant

Commonly known as the device flow, this OAuth grant is designed for browserless and input-constrained devices and contexts, such as smart TVs, consoles and printers. The user authorises the client on a secondary device, such as their smartphone or personal computer. See draft-ietf-oauth-device-flow-15.
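The exchange between the constrained device, the user's secondary device and the authorisation server, as an added example that is not Connect2id code and not part of the original post. It simulates both sides in memory with a deterministic clock: the device obtains a `device_code` and `user_code`, polls the token endpoint with the `urn:ietf:params:oauth:grant-type:device_code` grant, and handles the `authorization_pending`, `slow_down`, `access_denied` and `expired_token` responses the draft defines; the user approves the `user_code` on their phone. The client id, scope and verification URI are constructed placeholders.

```python
import secrets
import time
from typing import Dict, Tuple

GRANT_DEVICE_CODE = "urn:ietf:params:oauth:grant-type:device_code"
VERIFICATION_URI = "https://as.example.com/device"  # placeholder


class DeviceFlowServer:
    """Toy authorisation server keeping device-flow state in memory (constructed example)."""

    def __init__(self, clock=time.monotonic, lifetime: int = 600, interval: int = 5):
        self.clock, self.lifetime, self.interval = clock, lifetime, interval
        self.pending: Dict[str, Dict] = {}  # device_code -> authorisation record

    def device_authorization(self, client_id: str, scope: str) -> Dict:
        """Device authorisation endpoint: the device obtains the codes it shows to the user."""
        device_code = secrets.token_urlsafe(32)
        user_code = secrets.token_hex(2).upper() + "-" + secrets.token_hex(2).upper()
        self.pending[device_code] = {"client_id": client_id, "scope": scope, "user_code": user_code,
                                     "status": "pending", "last_poll": None,
                                     "expires_at": self.clock() + self.lifetime}
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": VERIFICATION_URI, "expires_in": self.lifetime,
                "interval": self.interval}

    def user_decision(self, user_code: str, approve: bool) -> bool:
        """Verification page: the user, on a phone or PC, enters the code and approves or denies."""
        for rec in self.pending.values():
            if rec["user_code"] == user_code and rec["status"] == "pending":
                rec["status"] = "approved" if approve else "denied"
                return True
        return False

    def token(self, client_id: str, grant_type: str, device_code: str) -> Tuple[int, Dict]:
        """Token endpoint: the device polls here until the user has decided."""
        if grant_type != GRANT_DEVICE_CODE:
            return 400, {"error": "unsupported_grant_type"}
        rec = self.pending.get(device_code)
        if rec is None or rec["client_id"] != client_id:
            return 400, {"error": "invalid_grant"}
        now = self.clock()
        if now > rec["expires_at"]:
            del self.pending[device_code]
            return 400, {"error": "expired_token"}
        if rec["last_poll"] is not None and now - rec["last_poll"] < self.interval:
            rec["last_poll"] = now  # the client must back off by adding 5 s to its interval
            return 400, {"error": "slow_down"}
        rec["last_poll"] = now
        if rec["status"] == "pending":
            return 400, {"error": "authorization_pending"}
        del self.pending[device_code]  # the device code is single use
        if rec["status"] == "denied":
            return 400, {"error": "access_denied"}
        return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                     "expires_in": 3600, "scope": rec["scope"]}


class FakeClock:
    """Deterministic clock so the exchange can be replayed without sleeping."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def run_exchange():
    """Replay the whole flow (constructed); returns the token-endpoint responses in order."""
    clock = FakeClock()
    srv = DeviceFlowServer(clock=clock)
    auth = srv.device_authorization("smart-tv", "openid profile")
    tv = ("smart-tv", GRANT_DEVICE_CODE, auth["device_code"])
    responses = [srv.token(*tv)]                        # user has not decided yet: authorization_pending
    responses.append(srv.token(*tv))                    # polled again too soon: slow_down
    clock.advance(auth["interval"] + 5)                 # honour the interval plus the slow_down penalty
    srv.user_decision(auth["user_code"], approve=True)  # the user approves on their phone
    responses.append(srv.token(*tv))                    # 200 with the access token
    responses.append(srv.token(*tv))                    # code already consumed: invalid_grant
    return responses
```

The single-use device code and the `slow_down` back-off are the two behaviours a client implementer most often gets wrong; a server-side check like the one above makes a badly behaved device visible in the token endpoint's error log rather than in load.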

2.5 Support for Resource Server specific access token profiles

The Connect2id server supports a number of access token profiles, including the definition of custom profiles; at present, however, a profile cannot be bound to a specific resource server.

3. Database backends

Support for new SQL database backends:

3.1 CockroachDB

CockroachDB is a distributed, ACID-compliant SQL database whose client protocol is compatible with PostgreSQL.

Comments, suggestions?

Please post your comment below, or write to Connect2id support.
