OIDC has become the backbone of secure authentication in modern apps. It wraps OAuth 2.0 with identity layers, letting you verify users and pull in profile data without storing passwords. But if you’ve built on it long enough, you’ve hit limits: provider interoperability gaps, missing claims, slow discovery endpoints, inflexible token lifecycles. Each one grinds productivity to a halt.
An OIDC feature request is more than asking for a tweak. It’s a precise, testable change to the protocol or a provider’s implementation. These requests can cover:
- New custom claims for domain-specific user data
- Token binding or rotation enhancements to block replay attacks
- Extended metadata in the discovery document
- Stronger support for dynamic client registration
- Improvements in PKCE handling for SPA security
Submitting a feature request requires clarity. Providers move faster when you deliver exact reproduction steps, API call examples, and specific breaks in the current spec compliance. Reference the relevant section in the OpenID Connect Core documentation. Include how the change impacts cross-provider compatibility. Link to open issues or pull requests in related projects so the request gains traction beyond your team.