1. OpenID Connect
1.1 OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA)
CIBA is a new flow originally devised for authorising transactions at a point of sale (PoS) with the user's smartphone.
1.2 OpenID Connect prompt "create"
A new prompt value, "create", is being introduced to enable relying parties to signal end-user sign-up intent to the OpenID provider.
2. OAuth 2.0
2.1 OAuth Incremental Authorisation
OAuth 2.0 authorisation requests that include every scope the client might ever need result in over-scoped authorisation and a poor end-user consent experience. The draft-ietf-oauth-incremental-authz spec extends the OAuth 2.0 authorisation protocol with incremental authorisation: the ability to request specific scopes as they are needed, removing the requirement to request every possible scope upfront.
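The following is an added example, not Connect2id code, of what incremental authorisation looks like on both sides. The client builds an authorisation request carrying the draft's include_granted_scopes=true parameter, and a simulated authorisation server keeps a per-user, per-client record of approved scopes so that the consent screen only asks for scopes not yet granted. The ConsentStore class and its in-memory store are assumptions of this example.

```python
"""Incremental authorisation (draft-ietf-oauth-incremental-authz), simulated in-process.

Added example, not Connect2id code. The draft adds the authorisation-request
parameter include_granted_scopes=true; the ConsentStore name and the in-memory
consent record are assumptions made here for illustration.
"""
from urllib.parse import urlencode


def build_authz_request(authz_endpoint, client_id, redirect_uri, scope, include_granted_scopes=False):
    """Client side: an authorisation request URL for only the scopes needed right now."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
    }
    if include_granted_scopes:
        # Ask the AS to fold previously granted scopes into the new authorisation.
        params["include_granted_scopes"] = "true"
    return f"{authz_endpoint}?{urlencode(params)}"


class ConsentStore:
    """Server side: remembers which scopes a user has already approved for a client."""

    def __init__(self):
        self.granted = {}   # (subject, client_id) -> set of approved scope values

    def authorize(self, subject, client_id, requested_scope, include_granted_scopes=False):
        """Process one authorisation request.

        Returns (scopes the consent screen must ask for now, scopes the issued
        token will carry). Only scopes the user has not approved before are shown
        on the consent screen; with include_granted_scopes the issued token also
        carries everything approved earlier.
        """
        requested = set(requested_scope.split())
        already = self.granted.get((subject, client_id), set())
        to_ask = requested - already
        # The user is assumed to approve; a real AS branches to access_denied otherwise.
        self.granted[(subject, client_id)] = already | requested
        effective = requested | already if include_granted_scopes else requested
        return to_ask, effective


if __name__ == "__main__":
    store = ConsentStore()
    print(store.authorize("alice", "photo-app", "openid profile"))
    print(build_authz_request("https://as.example.com/authz", "photo-app",
                              "https://app.example.com/cb", "calendar.read", True))
    print(store.authorize("alice", "photo-app", "calendar.read", include_granted_scopes=True))
```

On the second request the consent screen asks only for calendar.read, while the issued token carries openid, profile and calendar.read because include_granted_scopes was set.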
2.2 OAuth 2.0 Token Exchange
RFC 8693 is a protocol for a lightweight HTTP- and JSON-based Security Token Service (STS), defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.
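As an added example (not Connect2id code) of the token exchange grant described above, the following simulates a small STS in-process: a subject token alone yields an impersonation token, a subject token plus an actor token yields a delegation token carrying the RFC 8693 "act" claim, and a request for scope the subject token never had is refused. The TokenExchangeSTS class, its in-memory token store standing in for introspection, and the policy that an exchanged token never carries more scope than the subject token are assumptions of this example, not requirements of the RFC.

```python
"""RFC 8693 token exchange (impersonation and delegation), simulated in-process.

Added example, not Connect2id code. The in-memory token store stands in for
JWT validation or introspection; the no-scope-escalation policy is a choice of
this example. Grant type and token type URIs are the ones defined in RFC 8693.
"""
import secrets
import time

TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


class TokenExchangeSTS:
    def __init__(self, issuer="https://as.example.com"):
        self.issuer = issuer
        self.tokens = {}   # opaque token string -> claim set (stands in for a signed JWT)

    def issue(self, claims):
        """Mint an opaque token bound to the given claims."""
        token = secrets.token_urlsafe(24)
        self.tokens[token] = claims
        return token

    def introspect(self, token):
        """Return the claims of a live token, or None if unknown or expired."""
        claims = self.tokens.get(token)
        if claims is None or claims["exp"] <= time.time():
            return None
        return claims

    def exchange(self, form):
        """POST /token with grant_type=token-exchange (RFC 8693 sections 2.1 and 2.2)."""
        if form.get("grant_type") != TOKEN_EXCHANGE_GRANT:
            return {"error": "unsupported_grant_type"}
        if form.get("subject_token_type") != ACCESS_TOKEN_TYPE:
            return {"error": "invalid_request", "error_description": "unsupported subject_token_type"}
        subject = self.introspect(form.get("subject_token", ""))
        if subject is None:
            return {"error": "invalid_grant", "error_description": "subject_token invalid or expired"}
        subject_scope = set(subject["scope"].split())
        requested = set(form.get("scope", "").split()) or subject_scope
        if not requested <= subject_scope:
            return {"error": "invalid_scope"}   # example policy: downscoping only
        claims = {
            "iss": self.issuer,
            "sub": subject["sub"],
            # "audience" and "resource" name the target service; default to the subject's audience.
            "aud": form.get("audience") or form.get("resource") or subject["aud"],
            "scope": " ".join(sorted(requested)),
            "exp": int(time.time()) + 600,
        }
        actor_token = form.get("actor_token")
        if actor_token:
            # Delegation: the actor acts on behalf of the subject, recorded in the "act" claim.
            if form.get("actor_token_type") != ACCESS_TOKEN_TYPE:
                return {"error": "invalid_request", "error_description": "unsupported actor_token_type"}
            actor = self.introspect(actor_token)
            if actor is None:
                return {"error": "invalid_grant", "error_description": "actor_token invalid or expired"}
            claims["act"] = {"sub": actor["sub"]}
        return {
            "access_token": self.issue(claims),
            "issued_token_type": ACCESS_TOKEN_TYPE,
            "token_type": "Bearer",
            "expires_in": 600,
            "scope": claims["scope"],
        }


if __name__ == "__main__":
    sts = TokenExchangeSTS()
    user_tok = sts.issue({"sub": "alice", "aud": "https://api.example.com",
                          "scope": "read write", "exp": time.time() + 3600})
    svc_tok = sts.issue({"sub": "billing-service", "aud": sts.issuer,
                         "scope": "exchange", "exp": time.time() + 3600})
    resp = sts.exchange({"grant_type": TOKEN_EXCHANGE_GRANT,
                         "subject_token": user_tok, "subject_token_type": ACCESS_TOKEN_TYPE,
                         "actor_token": svc_tok, "actor_token_type": ACCESS_TOKEN_TYPE,
                         "audience": "https://orders.example.com", "scope": "read"})
    print(resp)
    print(sts.introspect(resp["access_token"]))   # claims include "act": {"sub": "billing-service"}
```

The difference between the two modes is the actor token: without it the issued token is indistinguishable from one the subject obtained directly (impersonation); with it the downstream resource server can see in "act" who is really calling (delegation).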
2.3 OAuth 2.0 Device Authorisation Grant
Commonly known as the device flow, this OAuth grant is designed for browserless and input-constrained devices and contexts, such as smart TVs, consoles and printers. The user authorises the client on a secondary device, such as their smartphone or personal computer. See RFC 8628.
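The complete exchange described above, as an added example that is not Connect2id code: a simulated authorisation server exposes the device authorisation endpoint and the token endpoint from RFC 8628, and a client obtains the codes, displays the user code, and polls with the device_code grant, handling authorization_pending, slow_down, access_denied and expired_token. The clock is simulated so the flow runs offline; the DeviceAuthServer and run_device_flow names, the user code format and the token values are assumptions of this example.

```python
"""Device authorisation grant (RFC 8628), both sides simulated in-process.

Added example, not Connect2id code. Endpoint parameters, error codes and the
"add 5 seconds on slow_down" rule follow RFC 8628; the class and function
names and the simulated clock are assumptions made here for illustration.
"""
import secrets
import string
from dataclasses import dataclass
from typing import Optional

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


@dataclass
class DeviceSession:
    client_id: str
    scope: str
    user_code: str
    expires_at: int                    # seconds on the simulated clock
    interval: int = 5                  # minimum seconds between polls
    last_poll: Optional[int] = None
    approved: Optional[bool] = None    # None: the user has not decided yet


class DeviceAuthServer:
    """Minimal authorisation server: device authorisation endpoint plus token endpoint."""

    def __init__(self, verification_uri="https://as.example.com/device"):
        self.verification_uri = verification_uri
        self.sessions = {}   # device_code -> DeviceSession
        self.now = 0         # simulated clock in seconds

    def device_authorization(self, client_id, scope):
        """POST /device_authorization (RFC 8628 section 3.1/3.2): hand out the codes."""
        device_code = secrets.token_urlsafe(32)
        user_code = "-".join("".join(secrets.choice(string.ascii_uppercase) for _ in range(4))
                             for _ in range(2))   # e.g. WDJB-MJHT, for the user to type in
        self.sessions[device_code] = DeviceSession(client_id, scope, user_code, self.now + 600)
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": self.verification_uri,
                "verification_uri_complete": f"{self.verification_uri}?user_code={user_code}",
                "expires_in": 600, "interval": 5}

    def user_decides(self, user_code, approve):
        """Secondary device (RFC 8628 section 3.3): the user enters the code and approves or denies."""
        for s in self.sessions.values():
            if s.user_code == user_code:
                s.approved = approve
                return
        raise KeyError("unknown user_code")

    def token(self, grant_type, device_code, client_id):
        """POST /token with the device_code grant (RFC 8628 section 3.4/3.5)."""
        if grant_type != DEVICE_GRANT:
            return {"error": "unsupported_grant_type"}
        s = self.sessions.get(device_code)
        if s is None or s.client_id != client_id:
            return {"error": "invalid_grant"}
        if self.now >= s.expires_at:
            del self.sessions[device_code]
            return {"error": "expired_token"}
        if s.last_poll is not None and self.now - s.last_poll < s.interval:
            s.last_poll = self.now
            s.interval += 5   # the client must back off by 5 seconds after slow_down
            return {"error": "slow_down"}
        s.last_poll = self.now
        if s.approved is None:
            return {"error": "authorization_pending"}
        del self.sessions[device_code]   # device code is single use once decided
        if not s.approved:
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                "expires_in": 3600, "scope": s.scope}


def run_device_flow(server, client_id, scope, approve_after_polls=2, approve=True):
    """Client side: get the codes, show them, poll until a final answer.

    The user's decision on the secondary device is simulated after
    approve_after_polls polls. Returns (final token endpoint response, poll log).
    """
    codes = server.device_authorization(client_id, scope)
    print(f"Visit {codes['verification_uri']} and enter {codes['user_code']}")
    interval, polls, log = codes.get("interval", 5), 0, []
    while True:
        resp = server.token(DEVICE_GRANT, codes["device_code"], client_id)
        polls += 1
        if "access_token" in resp:
            log.append("granted")
            return resp, log
        log.append(resp["error"])
        if resp["error"] == "slow_down":
            interval += 5
        elif resp["error"] != "authorization_pending":
            return resp, log   # access_denied, expired_token or another final error
        if polls == approve_after_polls:
            server.user_decides(codes["user_code"], approve)
        server.now += interval   # client sleeps `interval` seconds before the next poll


if __name__ == "__main__":
    print(run_device_flow(DeviceAuthServer(), "tv-app", "openid profile"))
```

Two points worth seeing in the run: the client never sends the user code to the token endpoint, only the device code, and polling faster than the advertised interval earns a slow_down that the client must honour by lengthening its wait.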
2.4 Support for Resource Server specific access token profiles
The Connect2id server supports a number of access token profiles, including the definition of custom profiles; these, however, cannot be bound to specific resources at present.
2.5 Support for pairwise subject identifiers in access tokens
Similar to the standard pairwise subject identifiers in ID tokens and UserInfo responses issued to OpenID relying parties, but with the audience being third-party resource servers.
3. Performance and scaling
3.1 Stateless authorisation sessions
Optional configuration to enable stateless authorisation sessions, which encrypt the session data into the session identifier instead of storing it server-side. Can be used to save database traffic and costs in large deployments.
4. Database backends
Support for new SQL database backends:
CockroachDB is a distributed ACID compliant SQL database, client compatible with PostgreSQL.
Please post your comment below, or write to Connect2id support.