CoreIdent is on a mission to make robust, standards-based authentication and identity actually developer-friendly. In Phase 3, we delivered hardened OAuth 2.0 Authorization Code flows and security improvements. Now, with v0.3.5, we’re taking the next step: real OIDC ID Token support, smarter claims, and a roadmap for practical, real-world adoption.

🚀 What’s New in v0.3.5

  • OIDC-Compliant ID Token Issuance:

    ID Tokens are now fully standards-based, with claims like name and email sourced from your user store (not just the username field). This means better compatibility and flexibility for modern apps.

  • Comprehensive Testing:

    We’ve added a full suite of unit and integration tests for all ID Token claim variations, including nonce round-trip and scope-based claim inclusion.

  • DEVPLAN: Real-World Gaps Checklist:

    We’re not just checking spec boxes anymore. Our new Phase 3 checklist documents where spec-compliance isn’t enough—covering custom claims, consent UI, token revocation/introspection, dynamic client registration, key rotation, and more.

  • All Packages Updated:

    Core, EF, and DelegatedUserStore packages are now at 0.3.5.

🧐 Why This Matters

Many identity platforms “pass the tests” but frustrate real developers with missing extension points, hard-coded behaviors, or lack of practical features. CoreIdent is committed to surfacing and fixing these gaps—so your apps work the way you expect, not just the way the spec says.

🔭 What’s Next?

  • Tackling the new checklist: custom claims, consent, dynamic registration, and more
  • Minimal, extensible UI package for login, consent, and error handling
  • Real-world interop and negative testing
  • Community feedback and contributions welcome!

📚 Read More

Ready to try CoreIdent or contribute?

Check out the repo, and let’s build the identity system we all wish existed!