Back to all releases

v0.78.0

Platform

// June 30, 2026

Connect to stricter OAuth providers with outbound CIMD support

Remote session OAuth now works with identity providers that require Client ID Metadata Documents (CIMD), so organizations with stricter upstream authorization servers can register outbound clients without a shared secret.

Features

  • Outbound CIMD support for remote session OAuth #3706 - Create a
    in CIMD mode: Gram generates the client ID, hosts a public client metadata document, and sends that URL as the client ID on every outbound authorize, token, and refresh call, with no symmetric secret required. Issuer discovery now detects CIMD support automatically, which gates the new option, and the client and issuer views surface the metadata URL and support status. (Author: @bflad)
Sagar Batchu
Sagar Batchu
View on GitHub