Development Status
The near-term roadmap ships today. The long-term platform is next.
OAuth 2.1 & OIDC Core
Authorization code flow with mandatory PKCE, client_credentials and refresh token grants, dynamic client registration, discovery, and JWKS.
CompletedView CodeMCP & Agent-Native Authorization
RFC 8693 on-behalf-of token exchange, agent scope modes, step-up authentication, and a resource-server SDK validated end-to-end with Claude Code.
CompletedView CodeProduction Hardening
CSRF protection, security headers, secure cookies, structured logging, metrics, and Redis-backed failed-login lockout.
CompletedEnvironment-Aware Authorization
Dev, staging, and production treated as a fail-safe policy dimension across the authorization server.
CompletedIdentifier Abstraction Migration
The foundational migration that gates wallet federation and post-quantum signing.
PlannedWallet Federation
EUDI Wallet support via OID4VC/SIOPv2 as a first-class upstream identity source. No committed date.
PlannedPost-Quantum Hybrid Signing
ML-DSA-65 hybrid signing alongside Ed25519, targeted for Phase 5, 2027.
Planned