OAuth Extensions

Sid
Mar 13, 2022


As a loose operating agreement rather than a strict contract, OAuth intentionally leaves many things undefined. While frustrating at first glance, this is powerful: it gives us the flexibility to address new problems and use cases not envisioned by the creators of the specification.

While OpenID Connect is the most popular extension of OAuth 2.0, some other extensions that are useful on a day-to-day basis are:

  1. JWT (JSON Web Token)
  2. Token Revocation
  3. Token Introspection
  4. Dynamic Client Registration
  5. Authorization Server Metadata Discovery
