What we are building next
Kotauth is open source and built in the open. This is where things stand and where they are headed. Priorities shift with community input.
Live today on v1.19.2.
OAuth 2.0 & OIDC core
Full provider with PKCE, token rotation and discovery.
Multi-tenant workspaces
Isolated directories, keys and policies per tenant.
AI-native MCP server
33 scoped tools across 8 domains.
White-label auth screens
Server-rendered, themed per workspace.
Magic-link & Email OTP
Passwordless flows that stay MFA-aware.
Encrypted backup & restore
Portable tenant snapshots via CLI or API.
Actively in development for upcoming releases.
Enterprise SSO
LDAP and SAML federation for upstream identity providers.
Passkeys & WebAuthn
Phishing-resistant sign-in alongside existing methods.
Webhook event streaming
Subscribe downstream systems to audit and lifecycle events.
Admin impersonation
Scoped, fully audited support sessions.
Committed, scoped, and queued.
SCIM provisioning
Automated user lifecycle sync with external directories.
Fine-grained authorization
Relationship-based access control for complex permissions.
Self-service org management
Let end users create and administer their own organizations.
Audit log export
Stream to SIEM targets and object storage on a schedule.
Researching. Tell us if you need these.
Device authorization flow
Sign in on input-constrained devices like TVs and CLIs.
Step-up authentication
Demand stronger factors for sensitive operations.
Policy-as-code
Version-controlled security policies applied at deploy time.
Org-level billing hooks
Usage signals for teams building products on top of Kotauth.
Have a say in what ships next
Roadmap priorities are shaped in public. Open a discussion, file a request, or upvote what matters to you.