diff --git a/openid-connect-client/pom.xml b/openid-connect-client/pom.xml
index 7de750b55..3883b2655 100644
--- a/openid-connect-client/pom.xml
+++ b/openid-connect-client/pom.xml
@@ -22,7 +22,7 @@
openid-connect-parent
org.mitre
- 1.3.2.cnaf.rc0
+ 1.3.3.cnaf-SNAPSHOT
..
openid-connect-client
diff --git a/openid-connect-common/pom.xml b/openid-connect-common/pom.xml
index d2c485f41..ac41cc4de 100644
--- a/openid-connect-common/pom.xml
+++ b/openid-connect-common/pom.xml
@@ -22,7 +22,7 @@
openid-connect-parent
org.mitre
- 1.3.2.cnaf.rc0
+ 1.3.3.cnaf-SNAPSHOT
..
openid-connect-common
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/IDTokenClaimsEnhancer.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/IDTokenClaimsEnhancer.java
new file mode 100644
index 000000000..2a628f0b9
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/IDTokenClaimsEnhancer.java
@@ -0,0 +1,12 @@
+package org.mitre.openid.connect.service;
+
+import java.util.Date;
+import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.springframework.security.oauth2.provider.OAuth2Request;
+import com.nimbusds.jwt.JWTClaimsSet;
+
+public interface IDTokenClaimsEnhancer {
+
+ void enhanceIdTokenClaims(JWTClaimsSet.Builder claimsBuilder, OAuth2Request request, Date issueTime,
+ String sub, OAuth2AccessTokenEntity accessToken);
+}
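Review bot: `IDTokenClaimsEnhancer` is a new extension point on the ID-token issuance path but has no Javadoc, so implementers cannot tell what they may do with the `JWTClaimsSet.Builder` they receive. The type and method should get Javadoc. It should state that the method is called once per ID token before signing, and that the builder already holds the claims set by the token service. It should also state that implementations must only add claims and never replace protocol claims such as `iss`, `sub`, `aud`, `exp`, `iat` or `nonce`. Say as well whether `accessToken` or `sub` can be null, which the visible lines do not show.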
diff --git a/openid-connect-server/pom.xml b/openid-connect-server/pom.xml
index 0af658066..cda953799 100644
--- a/openid-connect-server/pom.xml
+++ b/openid-connect-server/pom.xml
@@ -23,7 +23,7 @@
org.mitre
openid-connect-parent
- 1.3.2.cnaf.rc0
+ 1.3.3.cnaf-SNAPSHOT
..
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultIdTokenClaimsEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultIdTokenClaimsEnhancer.java
new file mode 100644
index 000000000..82e94e90e
--- /dev/null
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultIdTokenClaimsEnhancer.java
@@ -0,0 +1,19 @@
+package org.mitre.openid.connect.service.impl;
+
+import java.util.Date;
+import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.openid.connect.service.IDTokenClaimsEnhancer;
+import org.springframework.security.oauth2.provider.OAuth2Request;
+import org.springframework.stereotype.Service;
+import com.nimbusds.jwt.JWTClaimsSet;
+
+@Service("defaultIdTokenClaimsEnhancer")
+public class DefaultIdTokenClaimsEnhancer implements IDTokenClaimsEnhancer {
+
+ @Override
+ public void enhanceIdTokenClaims(JWTClaimsSet.Builder claimsBuilder, OAuth2Request request, Date issueTime,
+ String sub, OAuth2AccessTokenEntity accessToken) {
+
+ }
+
+}
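Review bot: The body of `enhanceIdTokenClaims` is empty with no comment, so it reads like an unfinished stub rather than a deliberate default. If the no-op is intended, say so inside the method, e.g. `// Intentionally empty: the default adds no claims; deployments supply their own IDTokenClaimsEnhancer.` A one-line class Javadoc stating the same would help anyone looking up the `defaultIdTokenClaimsEnhancer` bean name.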
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
index 49d7fab59..caf6421a0 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
@@ -36,6 +36,7 @@ import org.mitre.oauth2.service.AuthenticationHolderEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
+import org.mitre.openid.connect.service.IDTokenClaimsEnhancer;
import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.util.IdTokenHashUtils;
import org.mitre.openid.connect.web.AuthenticationTimeStamper;
@@ -94,6 +95,9 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
@Autowired
private OAuth2TokenEntityService tokenService;
+ @Autowired
+ private IDTokenClaimsEnhancer idTokenClaimsEnhancer;
+
@Override
public JWT createIdToken(ClientDetailsEntity client, OAuth2Request request, Date issueTime, String sub, OAuth2AccessTokenEntity accessToken) {
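Review bot: The new `idTokenClaimsEnhancer` field is injected by type, and the only visible bean is registered as `defaultIdTokenClaimsEnhancer`. If a deployment adds its own implementation, presumably the purpose of the interface, two candidates exist. Spring then resolves the injection only if one is `@Primary` or a bean name matches the field name. The override mechanism should be documented on the field, e.g. `// Overridden by registering a bean named "idTokenClaimsEnhancer" or a @Primary IDTokenClaimsEnhancer`. Otherwise the failure appears only at context start-up in the customised deployment. The class body continues outside this hunk.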
@@ -142,6 +146,8 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
idClaims.claim("nonce", nonce);
}
+ idTokenClaimsEnhancer.enhanceIdTokenClaims(idClaims, request, issueTime, sub, accessToken);
+
Set responseTypes = request.getResponseTypes();
if (responseTypes.contains("token")) {
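Review bot: The enhancer is handed the live `idClaims` builder, so any implementation can replace claims the service has already set before the token is signed. The `nonce` claim is visible just above, and issuer, subject, audience and expiry are presumably set earlier in createIdToken, outside this hunk. Relying parties validate ID tokens on exactly those claims, so the call site should enforce the boundary rather than trust every plug-in. Give the enhancer a fresh builder and copy back only names the service has not set; the trade-off is that enhancers no longer see the existing claims. An exception thrown by an enhancer also propagates from here and aborts issuance, which belongs in the interface contract.

```java
// … unchanged: nonce claim handling above …

// Collect plug-in claims separately so they cannot replace claims set by this service.
JWTClaimsSet.Builder extraClaims = new JWTClaimsSet.Builder();
idTokenClaimsEnhancer.enhanceIdTokenClaims(extraClaims, request, issueTime, sub, accessToken);

Set<String> alreadySet = idClaims.build().getClaims().keySet();
for (Map.Entry<String, Object> extra : extraClaims.build().getClaims().entrySet()) {
	if (!alreadySet.contains(extra.getKey())) {
		idClaims.claim(extra.getKey(), extra.getValue());
	}
}

// … unchanged: response-type handling below …
```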
diff --git a/pom.xml b/pom.xml
index afba24906..fc8bd6914 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
4.0.0
org.mitre
openid-connect-parent
- 1.3.2.cnaf.rc0
+ 1.3.3.cnaf-SNAPSHOT
MITREid Connect
pom