OpenID Federation 1.0for JavaScript.
The complete OpenID Federation 1.0 implementation for JavaScript — runtime-agnostic, spec-compliant, built on Web API standards.
Trust Anchors, Entity Configurations, Trust Chains, Subordinate Statements, Metadata Policy, Trust Marks, authority hints, federation endpoints, and automatic / explicit client registration — wired as (Request) => Promise<Response> handlers that run identically on Node.js, Deno, Bun, workerd, Electron, and browsers.
ta.example.org → op-1.example.com · resolved in 320ms
Trust, unbundled from bilateral agreements.
Traditional approaches to establishing trust between systems rely on bilateral agreements and manual metadata exchange. OpenID Federation introduces cryptographically verifiable trust chains — enabling dynamic, scalable trust without per-party configuration.
No more bilateral agreements
Entities join a federation once. Trust is derived from a cryptographically signed chain — not from individual contracts between every pair of participants.
Verifiable trust at scale
Every claim is signed. Trust Anchors publish constraints and metadata policies that are cryptographically enforced down the chain.
Protocol-independent by design
Works with OpenID Connect, OAuth 2.0, and beyond. The federation layer is orthogonal to the protocol used for authentication or authorization.
Four spec packages, three apps, one CLI.
Modular by design. Install only what you need — from core primitives to full OIDC registration flows, interactive learning, and visual exploration tools.
- @oidfed/core$ npm i @oidfed/core
Federation primitives — entity statements, trust chain resolution, metadata policy, and cryptographic verification.
- @oidfed/authority$ npm i @oidfed/authority
Trust Anchor and Intermediate Authority operations — subordinate management, statement issuance, and policy enforcement.
- @oidfed/leaf$ npm i @oidfed/leaf
Leaf Entity toolkit — Entity Configuration serving, authority discovery, and trust chain participation.
- @oidfed/oidc$ npm i @oidfed/oidc
OpenID Connect and OAuth 2.0 federation flows — automatic and explicit client registration, Request Object validation.
A visual tool for exploring live OpenID Federation deployments — inspect entity configurations, trace trust chains, and validate topology.
An interactive course on OpenID Federation 1.0 — 15 lessons from first principles to federation topology design.
Project homepage (this site).
@oidfed's own reference deployment — OpenID Federation 1.0 topologies (single-anchor, hierarchical, multi-anchor, cross-federation, constrained, policy-operators) built on the spec packages, inspectable via the Explorer or the @oidfed/cli.
Named adoptions, pilots, and specifications.
Examples of OpenID Federation being adopted, piloted, or specified for trust establishment across governments, academic networks, and AI-agent identity research. Status varies — from published technical rules to running pilots. Every entry links to an authoritative source.
- EUEuropean Digital Identity Wallet (eIDAS 2.0)EU · ARF reference
The Architecture and Reference Framework references OpenID Federation for cross-border wallet trust establishment.
- ITItaly — SPID / CIE OIDC FederationAgID · technical rules
AgID published OpenID Connect Federation technical rules for SPID and CIE (Jan 2023); reference implementation italia/spid-cie-oidc-django.
- EUeduGAIN — OpenID Federation pilotAcademic · GN5-2 pilot
GÉANT eduGAIN is piloting OpenID Federation as the future trust technology alongside SAML (12-month pilot started July 2025).
- GLBIdentity Management for Agentic AIAI agents · OID Foundation
OpenID Foundation whitepaper (Oct 2025) names OpenID Federation as a candidate interoperable trust fabric for AI agents operating across diverse domains.
Verifiable trust for agent-to-agent futures.
As AI agents interact on behalf of users and organizations, verifiable trust becomes critical. OpenID Federation provides the infrastructure for agent-to-agent trust — machines can verify each other's identity and capabilities through the same cryptographic trust chains that today secure humans, applications, and services.
The same Trust Anchors, Entity Configurations, Subordinate Statements, Metadata Policy, and Trust Marks that bind humans into a federation can bind autonomous agents into a federation of machines — with cryptographically enforceable limits on what any given agent is authorised to do on whose behalf.
The OpenID Foundation's AI Identity Management Community Group has published a whitepaper (PDF) naming OpenID Federation as a candidate trust fabric for agent-to-agent identity.