The upcoming release of #dotnet 10 comes with built-in passkey support. Had good fun digging into the new #Blazor project template and how it adds secure authentication using passkeys. duende.link/37egw9f #aspnetcore

Duende Software's legendary training on Identity and Access Management was originally created by Dominick Baier and Brock Allen. We're offering the training online/remotely as 6 half-day blocks the first two weeks of November. Read more and sign up at sustainsys.com/training

Say goodbye ✋ to passwords, and hello 👋 to secure, phishing-resistant logins: passkey credentials. Part 1 of our 4-part blog series covers password and authentication evolution. Longread ahead! 👀 duende.link/p455k3y #passkeys #webauthn #dotnet #security #aspnetcore

I'm hiring! Looking for an #aspnetcore dev, ideally with identity/oidc experience. Role is support, tech presales, advisory, docs, ... East coast US ideally for timezone overlap in the team Small team and company, big ambition. Reach out if you're interested! duendesoftware.com/careers/cust...

Discover a key update in #dotnet 10 that improves local development! 🔥 👉 Our latest blog post explains how a new TLS certificate and unique local domains can solve cookie conflicts and better mimic production environments. duende.link/arbgu89 #aspnetcore #security

lol the conclusions are so so wrong medium.com/c-sharp-prog...

The IETF OAuth Working Group has adopted the Identity Assertion Authorization Grant specification! datatracker.ietf.org/doc/draft-ie... This is the basis of Cross App Access (XAA), providing IT admins better visibility and control by configuring the app-to-app connections in their enterprise IdP.

Don't miss our livestream tomorrow with Microsoft .NET MVP Tore Nestenius! Demystifying Authentication in #aspnetcore Core. 📅 September 18, 2025 🕐 10:00 EST / 16:00 CEST Register now: duendesoftware.com/webinars/dem... #security #identity

Brace yourself, w̶i̶n̶t̶e̶r̶ #dotnet 10 is coming! ⛄️ Let's look at the new capabilities and features we are excited about for the upcoming .NET release in November. Expect passkeys, #opentelemetry additions,TLS for *.localhost, and more. 👀 duende.link/qet4wp9 #aspnetcore

If you missed my live stream, don't worry—the internet will keep it available forever. And if I said anything dumb, that's also never going away.

Watch the recording of our #IdentityServer 7.3 launch! duendesoftware.com/webinars/due... Joe DeCock covers new templates, and looks at setting up your environment for the FAPI 2.0 security profile and conformance tests. #dotnet #security #identity

What are Best Practices of Web Application Security in 2025? This post focuses on key security and authentication flows using OAuth 2.0 and OpenID Connect, flows to avoid, security measures to implement, and IETF Best Current Practices. duende.link/iyqe3fk #security #dotnet

We'll host a livestream with Tore Nestenius! 📹 Authentication has many concepts and moving parts. In this session, we'll clarify how authentication in #aspnetcore works. 📅 September 18, 2025 🕐 10:00 EST / 16:00 CEST duendesoftware.com/webinars/dem... #dotnet #security

HttpClient is at the heart of many projects. DelegatingHandlers let you intercept and modify requests and responses, extending base functionality. In this blog post, we'll look at DelegatingHandler and how it can make HttpClient even more powerful! 💪 duende.link/78qe4kj #dotnet #aspnetcore

We're hiring! At @duendesoftware.com, we're looking for someone to join our Customer Success team. It's a 100% remote position but we are looking for someone based in the US East Coast region for time zone reasons. If you're interested, visit duendesoftware.com/careers/cust... for details! #hiring

😂

Meet Duende #IdentityServer v7.3! This new release includes: 👉 Enhanced security & future proofing with FAPI 2.0 support 👉 Quick start templates to accelerate development. 👉 And more.... Release blog here ➡️ duende.link/is73b0b #dotnet #security #identity

External identity providers in #aspnetcore In this post, we cover initial setup (with Google), the connection between external and cookie authentication, and discusses why alternatives might be better for production apps. duende.link/q24tubs #security #identity #dotnet

Meet Duende #IdentityServer v7.3! This new release includes: 👉 Enhanced security & future proofing with FAPI 2.0 support 👉 Quick start templates to accelerate development. 👉 And more.... Release blog here ➡️ duende.link/is73b0b #dotnet #security #identity

We're at #kcdc2025 Stop by and register to win a NASA Artemis Space Launch System LEGO set. Or just say hello and meet the Duende team. Learn more about our newly released Duende #IdentityServer v7.3 with FAPI 2.0. #dotnet #security #identity

Livestream Launch Event: Duende #IdentityServer 7.3 with FAPI 2.0 + New Quick Start Templates. 🗓️ August 21, 2025 🕑 10 EST / 16:00 CEST / 14:00 UTC 🧑‍🦰 Speaker: Joe DeCock Clear your calendars and register here ➡️ duende.link/is73w0b #dotnet #security #identity

Are you worried your #dotnet #security could be more secure? Join us for a #livestream on August 21st, 2025, to discuss FAPI 2.0, its relation to #oauth and #openid, and how to harden your security posture, with our guest, Joe “Mr. Identity” DeCock. If nothing else, join us with what is a […]

There's still a chance to nominate someone who needs it to attend my training for free! Nominate someone you think is worth a free seat to increase their chances of finding a new job.

How to test your #IdentityServer? In this post, we demonstrate how to setup and run automated tests with your favorite test framework. #mstest #xunit #nunit #dotnet #security duende.link/a4rs979

Next video from our Identity & Access Control workshop: OpenID Connect We cover tokens, scopes, the #aspnetcore OpenID Connect handler, the userinfo endpoint, token management, refresh tokens, and more. youtube.com/watch?v=c41R... #identityserver #aspnetcore #oauth2 #openidconnect #dotnet

Building with #Blazor? 👷‍♀️ The BFF Security Framework offers built-in support to unify authentication state management across various rendering modes (Server, WASM, Auto) to secure API access from your app. docs.duendesoftware.com/bff/fundamen... #dotnet #security

Fresh post on external providers in #aspnetcore We cover initial setup, the connection between external and cookie authentication, and discusses why alternatives might be better for production apps. duende.link/q24tubs #security #identity #dotnet

How to test your #IdentityServer? In this post, we'll show how to setup and run automated tests with your favorite test framework. #mstest #xunit #nunit #dotnet #security duende.link/a4rs979

How to test your #IdentityServer? In this post, we'll show how to setup and run automated tests with your favorite test framework. #mstest #xunit #nunit #dotnet #security duende.link/a4rs979

Think you're safe online? OAuth 2.0 in the browser could let attackers steal your access tokens and use them for as long as they are valid, acting on the user's behalf 😱 Interview with @philippederyck.bsky.social: youtu.be/urS9wstmN2U #dotnet #security #bff #oauth2

What's In the Duende Software Toolkit? 🤔 💡 Beyond #IdentityServer, discover solutions like the BFF Security Framework, Access Token Management, and IdentityModel. Plus, Duende Templates, a demo server, and extensive documentation. #dotnet #security duende.link/2b87kja

Tried GitHub Copilot code review, and it doesn’t understand the concept of future-dating blog posts. Worse, it suggests a random-ass date. This stuff sucks.

Duende is committed to open source and values contributors. We are now sponsoring Astro and Starlight, the static site generator that powers our docs. More details about Astro and why we are sponsoring on our blog: duende.link/astr055 #dotnet #astro #identity

Supercharge your proxy needs! 🦸 Integrate with #YARP for advanced routing, load balancing, etc., while getting BFF's automatic token management and CSRF protection for proxied APIs. Here's how to add it to your Backend for Frontend: docs.duendesoftware.com/bff/fundamen... #dotnet #security

Take the chance to attend my full three day workshop on ASP.NET Core Authentication/Authorization, OpenID Connect, OAuth 2.0 and Duende IdentityServer. I'm hosting it online in August and an in person in Stockholm in September. Early bird pricing until the end of July! Will you be there?

A Step Up challenge ensures critical actions are verified through additional scrutiny. You can handle this in client apps, but how do you communicate a step-up is needed from the API side? Let's see how to implement this in #aspnetcore duende.link/318qkjl #dotnet #security

Interesting question by @damian.social - What are you using for user management in #aspnetcore? #dotnet github.com/orgs/DuendeS...

IdentityServer 7.3.0 Release Candidate 1 is out! It brings FAPI 2.0 profile certification, JWT response from the introspection endpoint, diagnostics data, OpenTelemetry updates, and more! duende.link/is73rc1 #dotnet #security

Check out the freshly deployed IdentityServer 7.3.0 Release Candidate 1. It brings FAPI 2.0 profile certification, JWT response from the introspection endpoint, diagnostics data, OpenTelemetry updates, and more! duende.link/is73rc1 #dotnet #security

Blazor is the Visual SourceSafe of the web. "Hey other visitor let me know when I can have a websocket OK?"

Duende is committed to open source and values contributors. We are now sponsoring Astro and Starlight, the static site generator that powers our docs. More details about Astro and why we are sponsoring on our blog: duende.link/astr055 #dotnet #astro #identity

Add an extra layer of security to critical user actions! 🛡️ Learn how to implement Step Up challenges in your #aspnetcore apps with Duende #IdentityServer to enhance user verification and re-confirm identity for some activities. duende.link/qthej2r #dotnet #security #oidc

Remote APIs? Let the BFF handle it! 🤝 Your frontend calls the BFF using its session cookie. The BFF securely swaps this for an access token and proxies the call - the browser never sees the access token! 🙈 Learn more: docs.duendesoftware.com/bff/fundamen... #dotnet #security

Stop CSRF cold! 🚔 Duende's BFF requires a simple custom header on authenticated API requests. This standard check and SameSite cookies provide strong protection against Cross-Site Request Forgery. Learn how: docs.duendesoftware.com/bff/fundamen... #dotnet #security

It's been a ton of work getting here but today I'm excited to announce the official commercial launch of AutoMapper and MediatR! More details here: www.jimmybogard.com/automapper-a... WHEW

Take the chance to attend my full three day workshop on ASP.NET Core Authentication/Authorization, OpenID Connect, OAuth 2.0 and Duende IdentityServer. I'm hosting it in August and an in person version in Stockholm in September. Early bird pricing until end of July! Will you be there?

Secure user sessions with robust cookies! 🍪 The Backend for Frontend (BFF) framework uses the #aspnetcore handler for HttpOnly, Secure, SameSite cookies, with strong session protection. Server-side sessions offer even more control. docs.duendesoftware.com/bff/fundamen... #dotnet #security

IdentityServer4 has multiple security vulnerabilities, bugs, and outdated documentation, and it doesn't support newer .NET versions. We're offering a free 30-minute Upgrade Assessment call to help plan your upgrade to Duende IdentityServer. #dotnet duendesoftware.com/upgrade-iden...

Awesome!!