We are looking into implementing an extension to the oauth2 plugin, supporting (partly) the oidc FAPI spec (see http://openid.net/specs/openid-financial-api-part-2.html). It is a key requirement for the various API banking initiatives in Europe (see UK open banking & PSD2).
E.g. we want support to add a signed JWT id_token on the /auth & /token endpoints, containing s_hash and/or rt_hash and/or at_hash claims. Other changes would be in the way the code and tokens are generated.
Would you advise modifying the existing oauth2 plugin (and counting on an accepted PR), or is there a way to extend the existing oauth2 plugin? Would you be interested in a contribution to the oauth2 plugin?
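As an added example (not code from the oauth2 plugin or from the poster), here is the hash-claim mechanism the FAPI requirement above relies on, in Python: the authorization server binds state, code and tokens into the signed id_token via the left-half-hash rule, and the client verifies every binding it holds, so a code or token swapped in by a third party no longer matches. The issuer, audience, key and the HS256 algorithm are assumptions made to keep the snippet dependency-free (FAPI part 2 itself requires PS256 or ES256), and rt_hash is applied with the same rule as the poster's naming suggests, since no spec defines it.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def enc(obj) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def half_hash(value: str, alg: str = "HS256") -> str:
    """Left-half hash rule from OIDC Core 3.3.2.11 (at_hash/c_hash) and FAPI s_hash:
    hash the ASCII octets with the digest of the JWS alg (SHA-256 for *256 algs),
    keep the left-most half of the digest, base64url-encode it without padding."""
    digest = hashlib.new("sha" + alg[2:], value.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])


def sign_hs256(claims: dict, key: bytes) -> str:
    # Assumption: HS256 only to stay dependency-free; FAPI part 2 requires PS256/ES256.
    signing_input = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def issue_id_token(key: bytes, sub: str, nonce: str, bindings: dict) -> str:
    """Server side. bindings maps hash-claim name -> raw artefact, e.g.
    {"s_hash": state, "c_hash": code, "at_hash": access_token, "rt_hash": refresh_token}."""
    now = int(time.time())
    claims = {"iss": "https://as.example", "aud": "client-1", "sub": sub,  # assumed values
              "nonce": nonce, "iat": now, "exp": now + 300}
    claims.update({name: half_hash(raw) for name, raw in bindings.items() if raw})
    return sign_hs256(claims, key)


def verify_bindings(id_token: str, key: bytes, expected: dict) -> bool:
    """Client side: check the signature first, then that every artefact the client
    holds is bound into the id_token; a missing or mismatching hash claim fails."""
    header, body, sig = id_token.split(".")
    good = hmac.new(key, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(good), sig):
        return False
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return all(isinstance(claims.get(name), str)
               and hmac.compare_digest(claims[name], half_hash(raw))
               for name, raw in expected.items())
```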