Roadmap

What we are building next

Kotauth is open source and built in the open. This is where things stand and where they are headed. Priorities shift with community input.

Shipped In progress Planned Exploring
Shipped

Live today on v1.19.2.

OAuth 2.0 & OIDC core

Full provider with PKCE, token rotation and discovery.

Multi-tenant workspaces

Isolated directories, keys and policies per tenant.

AI-native MCP server

33 scoped tools across 8 domains.

White-label auth screens

Server-rendered, themed per workspace.

Magic-link & Email OTP

Passwordless flows that stay MFA-aware.

Encrypted backup & restore

Portable tenant snapshots via CLI or API.

In progress

Actively in development for upcoming releases.

Enterprise SSO

LDAP and SAML federation for upstream identity providers.

Passkeys & WebAuthn

Phishing-resistant sign-in alongside existing methods.

Webhook event streaming

Subscribe downstream systems to audit and lifecycle events.

Admin impersonation

Scoped, fully audited support sessions.

Planned

Committed, scoped, and queued.

SCIM provisioning

Automated user lifecycle sync with external directories.

Fine-grained authorization

Relationship-based access control for complex permissions.

Self-service org management

Let end users create and administer their own organizations.

Audit log export

Stream to SIEM targets and object storage on a schedule.

Exploring

Researching. Tell us if you need these.

Device authorization flow

Sign in on input-constrained devices like TVs and CLIs.

Step-up authentication

Demand stronger factors for sensitive operations.

Policy-as-code

Version-controlled security policies applied at deploy time.

Org-level billing hooks

Usage signals for teams building products on top of Kotauth.

Have a say in what ships next

Roadmap priorities are shaped in public. Open a discussion, file a request, or upvote what matters to you.