Layer7 OAuth Toolkit (OTK) 4.7
24 March 2026
March 24, 2026
To: Layer7 Customers
From: The Broadcom Layer7 Product Team
Subject: General Availability Announcement for Layer7 OAuth Toolkit (OTK) 4.7
The Layer7 product group of Broadcom's IMS division is pleased to announce that the Layer7 OAuth Toolkit (OTK) version 4.7 is now available! This milestone provides enhancements based on customer feedback. Congratulations to the team for reaching this important milestone while continuing to provide important enhancements to our customers!
Here are the highlights of the Layer7 OTK 4.7 release:
- Support for DPoP - Demonstrating Proof of Possession (DPoP) for OAuth access tokens is now supported. It prevents token replay attacks by binding access tokens to a cryptographic key pair held by the client.
- Resources and Custom fields in DCR - Enhances OpenID Connect Dynamic Client Registration (DCR) by introducing support for custom client metadata.
- OpenID Connect offline_access Scope Enforcement - The Token Endpoint now provides an option to use the offline_access scope for issuing Refresh Tokens. When configured, a refresh_token is issued only if the client explicitly requests it with the offline_access scope and receives user consent.
- Layer7 Operator support for OTK - Dual GW Ephemeral - The OTK's support for the Layer7 Operator has been enhanced to support a dual gateway deployment with ephemeral gateways. This will be delivered with the Layer7 Operator 1.3.0 release coming soon.
- Header-Based Mutual TLS (mTLS) Authentication - This feature extends mutual TLS (mTLS) support to architectures where SSL is terminated at a load balancer. OTK can now securely retrieve and validate the original Base64-encoded client certificate from the X-Client-Cert HTTP header.
- OIDC/FAPI Certification - The OTK has fully passed the OpenID and FAPI certification suites provided by the OpenID Foundation. Official certification is expected to be listed on the OpenID Foundation website soon.
- K8S JDBC SSL Configuration Support - The OTK Helm Charts now support the ability to configure MySQL JDBC connections for the OTK database using SSL.
Please see the release notes and product documentation for more information.
You can download your copy of Layer7 OAuth Toolkit (OTK) 4.7 from Broadcom Support Online at https://support.broadcom.com/. If you have any questions or require assistance, please contact Broadcom Customer Care online at https://www.broadcom.com/support/software/contact, where you can submit an online request using the Customer Care web form: https://ca-broadcom.wolkenservicedesk.com/web-form?_ga=2.205828371.1432263889.1590607313-713014253.1588711301 . You can also call Broadcom Customer Care at +1-800-225-5224 in North America or see https://www.broadcom.com/support/software/contact for the local number in your country.
Should you need any assistance, our Broadcom Services experts can help. For more information on Broadcom Services and how you can leverage our experience, please visit https://www.broadcom.com/support/ca/services-support/ca-services.
Your success is very important to us, and we look forward to continuing our successful partnership with you.
To review Broadcom Support lifecycle policies, please see the Broadcom Support Policy and Terms located at: https://support.broadcom.com/.
Thank you again for your business.