Skip to content

UltimateAuth Roadmap #8

Open
Open
UltimateAuth Roadmap#8
Labels
roadmap
@mckaragoz

Description

@mckaragoz
mckaragoz
opened on Dec 27, 2025

🧭 UltimateAuth Roadmap

From Foundation to beyond v1.0.0

This document describes the phased roadmap of UltimateAuth.
Each phase represents a clear milestone with explicit scope and expectations.

🧱 Phase 0 — Foundation / Pre-Product (Completed)

Goal:
Prove that UltimateAuth is architecturally sound, not just functional.

Steps

  • Core domain model (Session, Chain, Root, Tokens)
  • Command-based authentication flows
  • Generic UserId & tenant-aware design
  • Session lifecycle & state machine
  • Session & Token Stores
  • Server middleware pipeline (Tenant → Session → User)
  • Endpoints
  • Secure HttpOnly cookie handling

Outcome:
UltimateAuth is now a real, working system with clean internal boundaries.

🚧 Phase 1 — First Release (v 0.1.0)

Goal:
Allow early adopters to use UltimateAuth end-to-end without over-expanding scope or promises.

Included in 0.1.0

Core & Server

  • Primary Password Hashing
  • Login / Logout / Validate
  • Programmatic Login Support
  • Minimal Client SDK (login / logout / validate)
  • Basic Refresh Session Flow
  • Minimal Re-auth (step-up) Skeleton
  • EF Core Persistence Support (sessions, tokens and credentials)
  • PureOpaque Auth Mode Support
  • Blazor Server Sample (fully working)
  • Multi-Client Support
  • ClientProfile Auto Detection & Server Communication
  • Hybrid Auth Mode Support
  • Blazor WASM Sample (fully working)
  • PKCE Flow
  • UAuthHub Sample
  • Device Binding
  • Explicit Invariant Validation & Startup Safety Checks
  • Multi Tenant Skeleton
  • Basic User Management Package
  • Basic Role Support

Documentation & Tests

  • Readme
  • InMemory Sample Completion
  • EFCore Store Implementation
  • DX Improvement
  • ResourceApi Design
  • EFCore Sample
  • Markdown based docs
  • First preview release
  • Unit Test Infrastructure
  • Basic Product Website
  • Final API & UX Polish & Using With a Real World App

Release: 0.1.0

Safely usable. Stable public client side API. Server side APIs may change. Feedback encouraged.

🧩 Phase 2 — First Stable API (v 0.2.0)

Goal:
Enable developers to build real applications with confidence.

Suitable and safe for small and medium applications.

  • Password Policy Engine
  • Password History
  • Attempt Counting & Lockout Rules
  • Login Identifiers
  • Device Limits
  • Rate Limiting
  • SemiHybrid Auth Mode Support
  • PureJwt Auth Mode Support
  • Integration Test Infrastructure
  • Website Improvements (Detailed Content, API Reference and Content Metadata)

Release: 0.2.0

Breaking changes unlikely, but possible.

🧩 Phase 3 — Road to Production (v 0.3.0 - v 0.6.0)

UltimateAuth is suitable for large and enterprise applications.

v 0.3.0 Security & Assurance Expansion

  • Token Refresh Lifecycle Stabilization
  • MFA
  • Re-auth (step-up authentication) Flow
  • Refresh Token Anomaly Detection Hooks
  • Clear Error & State Semantics
  • Security Events Stream

v 0.4.0 - Infrastructure Expansion

  • Improved EF Core support (indexes, cleanup jobs)
  • Distributed Cache for EF Core Session Store
  • Redis Session & Token store
  • Other Password Hashing Providers
  • MAUI Support

v 0.5.0 Multi Tenant Expansion

  • Checking Current MultiTenancy Infrastructure
  • Detailed User Management Package
  • Multi Tenant Management Package

v 0.6.0 Compliance & Extensibility Expansion

  • Audit Logs Persistence
  • Webhooks & Event Sinks
  • External Platform Hooks
  • Enhanced Device Binding

v 0.7.0 Performance Expansion

  • Cache & Performance Improvization
  • Performance Benchmarks

v 0.8.0 Ecosystem Expansion

  • Migration tools & guides from other identity platforms

Until v1.0.0, internal APIs may evolve.
Public-facing contracts will be kept as stable as possible, and breaking changes will always be documented.

🏗️ Phase 4 — Api Surface Locked (v 1.0.0)

Goal:
Make UltimateAuth's first contract promise.

  • MFA Orchestration
  • Token Revocation Guarantees
  • CSRF Hardening
  • Audit & Logging
  • Early Refresh Detection
  • Security Hardening Review
  • High-coverage Unit Tests
  • Integration & Regression Tests
  • Aspire Samples
  • Docker / Container-first Samples
  • Multi Tenant Complete Stabilization
  • Interactive Sandbox Docs

Release: 1.0.0

🌱 Phase 5 — Long-Term Evolution

Goal:
Position UltimateAuth as a first-class authentication framework for .NET.

  • Session Anomaly Detection
  • Pluggable MFA Providers
  • Federation & External Identity Support
  • Advanced Policy Engine
  • Enterprise Observability & Tooling
  • Long-term Support Strategy

🤝 Contributing & Feedback

UltimateAuth is opinionated by design,
but real-world feedback is essential.

If you care about:

  • Authentication internals
  • Distributed systems
  • Security architecture
  • Blazor / WASM auth UX

please open an issue or discussion.

Metadata

Metadata

Assignees

No one assigned

    Labels

    roadmap

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions