Skip to main content
QAuth Labs

Development Status

The near-term roadmap ships today. The long-term platform is next.

Near-Term Roadmap: CompleteLong-Term Platform: Wallet Federation + PQC
  • OAuth 2.1 & OIDC Core

    Authorization code flow with mandatory PKCE, client_credentials and refresh token grants, dynamic client registration, discovery, and JWKS.

    CompletedView Code
  • MCP & Agent-Native Authorization

    RFC 8693 on-behalf-of token exchange, agent scope modes, step-up authentication, and a resource-server SDK validated end-to-end with Claude Code.

    CompletedView Code
  • Production Hardening

    CSRF protection, security headers, secure cookies, structured logging, metrics, and Redis-backed failed-login lockout.

    Completed
  • Environment-Aware Authorization

    Dev, staging, and production treated as a fail-safe policy dimension across the authorization server.

    Completed
  • Identifier Abstraction Migration

    The foundational migration that gates wallet federation and post-quantum signing.

    Planned
  • Wallet Federation

    EUDI Wallet support via OID4VC/SIOPv2 as a first-class upstream identity source. No committed date.

    Planned
  • Post-Quantum Hybrid Signing

    ML-DSA-65 hybrid signing alongside Ed25519, targeted for Phase 5, 2027.

    Planned