Got triggered by the Hacker News comments on "What's OAuth2, anyway?" https://news.ycombinator.com/item?id=42829149
And especially got interested in the successor to OpenID Connect (OIDC), which is not officially defined yet.
Most notable - FAPI and GNAP
Just profile ...
The OpenID Foundation seems to have taken the path of making "profiles" like FAPI rather than consolidating and enforcing the best practices and deprecating the bad ones.
FAPI (Financial-grade API Security Profile 1.0) https://openid.net/specs/openid-financial-api-part-1-1_0.html
I hope the community will combine it all at some point and add specifications for proper policy and resource management too, looking at the full lifecycle of modern applications.
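To make concrete what a "profile" like FAPI adds on top of plain OAuth 2.0, here is a small checker (an added example, not code from this post or from the OpenID Foundation) that takes an authorization request as a dict of query parameters and lists which client-side hardening rules it violates. The rule set is my reading of FAPI 1.0 Part 1 (Baseline) plus one general OAuth 2.0 best practice (`state`); treat the exact rules as an assumption to be verified against the spec linked above. The registered redirect URI and the sample requests are constructed.

```python
"""
Added example: report which FAPI-style hardening rules an OAuth 2.0
authorization request violates. Rule set is an assumption based on my
reading of FAPI 1.0 Part 1; plain RFC 6749 leaves most of these optional.
"""
import re
from typing import Dict, List

# Constructed: redirect URIs this client pre-registered with the server.
REGISTERED_REDIRECT_URIS = {"https://client.example/cb"}

# RFC 7636: code_challenge is base64url without padding, 43-128 characters.
_CODE_CHALLENGE_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def fapi_baseline_violations(params: Dict[str, str]) -> List[str]:
    """Return short violation codes; an empty list means the request passes."""
    problems: List[str] = []

    # Plain OAuth 2.0 only requires response_type and client_id; the profile
    # (as read here) pins the authorization code flow.
    if params.get("response_type") != "code":
        problems.append("response_type-not-code")
    if not params.get("client_id"):
        problems.append("missing-client_id")

    # redirect_uri must be sent and must exactly match a pre-registered value;
    # prefix or pattern matching is the classic redirect-hijack hole.
    redirect_uri = params.get("redirect_uri")
    if not redirect_uri:
        problems.append("missing-redirect_uri")
    elif redirect_uri not in REGISTERED_REDIRECT_URIS:
        problems.append("redirect_uri-not-registered")

    # PKCE is mandatory and only the S256 transform is accepted; "plain"
    # exposes the verifier to anyone who can read the authorization request.
    challenge = params.get("code_challenge")
    method = params.get("code_challenge_method")
    if not challenge:
        problems.append("missing-code_challenge")
    elif not _CODE_CHALLENGE_RE.match(challenge):
        problems.append("malformed-code_challenge")
    if method != "S256":
        problems.append("code_challenge_method-not-S256")

    # state binds the response back to the client session (CSRF defence).
    if not params.get("state"):
        problems.append("missing-state")

    return problems


# Constructed sample requests. The code_challenge value is the RFC 7636 example.
HARDENED_REQUEST = {
    "response_type": "code",
    "client_id": "s6BhdRkqt3",
    "redirect_uri": "https://client.example/cb",
    "scope": "openid accounts",
    "state": "af0ifjsldkj",
    "code_challenge": "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
    "code_challenge_method": "S256",
}

# A request that plain RFC 6749 would accept without complaint.
LOOSE_REQUEST = {
    "response_type": "code",
    "client_id": "s6BhdRkqt3",
    "redirect_uri": "https://client.example/cb/../other",
    "scope": "accounts",
}

if __name__ == "__main__":
    for name, req in (("hardened", HARDENED_REQUEST), ("loose", LOOSE_REQUEST)):
        print(name, fapi_baseline_violations(req) or "ok")
```

The point of the example is the gap between the two requests: both are valid OAuth 2.0, but only one survives the profile. That gap is exactly what a profile encodes, and what the post wishes were consolidated into the base specification instead.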
The real successor?
GNAP (Grant Negotiation and Authorization Protocol) is an in-progress effort to develop a next-generation authorization protocol
From the spec https://oauth.net/gnap/
GNAP is not an extension of OAuth 2.0 and is not intended to be directly compatible with OAuth 2.0. GNAP seeks to provide functionality and solve use cases that OAuth 2.0 cannot easily or cleanly address.
GNAP and OAuth 2.0 will likely exist in parallel for many deployments, and considerations have been taken to facilitate the mapping and transition from existing OAuth 2.0 systems to GNAP.
Doesn't look like GNAP will fly any time soon; however, there is a very interesting part, the Security Considerations section. It looks like it was written by people who are familiar with all the security and usability issues in the OAuth2/OIDC specs.
Security Considerations section
https://datatracker.ietf.org/doc/html/draft-ietf-gnap-core-protocol#name-security-considerations