I use AI. But I use it like a hammer, not a subordinate. If I use a hammer to build a table, I've built the table. If I direct a subordinate to build a table, I haven't built the table.
SemVer
😂
SimpleExec 13.0.0 is out now! Featuring secret redaction when echoing commands! www.nuget.org/packages/Sim...
Claims and scopes describe user information in OpenID Connect.
Let's see how Duende IdentityServer handles consent, different client types, required vs. optional scopes, and what happens when a client doesn't get everything it asked for.
duende.link/97aeqlj 👀
#dotnet #aspnetcore
Adding .NET 10 Passkey Support to Duende IdentityServer
👉 duende.link/berqe86
Learn how to add #dotnet 10 passkey support to a non-Blazor project such as MVC or Razor Pages.
#security #aspnetcore #identity #webauthn
This. I've already dropped at least one commercial product for trying too hard to force their AI offering down my throat.
Fresh post on external providers in #aspnetcore
We cover initial setup, the connection between external and cookie authentication, and discuss why alternatives might be better for production apps.
duende.link/q24tubs #security #identity #dotnet
I'm beyond sick to the teeth of “Introducing [product name] AI”
Add an extra layer of security to critical user actions! 🛡️
Learn how to implement Step Up challenges in your #aspnetcore apps with Duende #IdentityServer to enhance user verification and re-confirm identity for some activities.
duende.link/qthej2r
#dotnet #security #oidc
The #dotnet 8.0.17 upgrade fixed validation of forwarded headers and proxy server configuration in load balanced scenarios.
Great! Or not 🤔
This patch may affect your #aspnetcore app. 😱
Check our blog post for background and fix: duende.link/0mgnet8
Terms like "client" in OpenID Connect and OAuth 2.0 are clear for security folks, but non-technical people are sometimes confused.
In this post, let's clarify what a "client" means in application security.
duende.link/m8tyde4 #dotnet #security #identity
Monitoring IdentityServer License Usage with #aspnetcore Health Checks 🔍
🤔 How to create custom health checks
👍 Registering them
💡 Example health checks for IdentityServer
Find out in this blog post! duende.link/hi7fw5q #dotnet #identity
What are some of the essential moments in the OAuth and OpenID Connect timeline?
In this article, we look back at the past 15 years to explore how the IETF and OpenID Foundation have set standards that shaped OAuth and OpenID Connect today.
duende.link/q39aegk #dotnet #security #ietf #oidc
IdentityServer can use OpenTelemetry and share metrics, traces, and logs to help monitor and troubleshoot applications.
In this post, we'll see how to surface this data in the .NET Aspire dashboard! 🧐
duende.link/xa5p1r3 #dotnet #aspire #identityserver #otel
In recent weeks, some of our customers reported performance degradations. You won't believe what happened next 😱
Clickbait aside, #efcore, SqlClient, and transient retries don't always go well together. More on our blog!
duende.link/1khti3w #dotnet #identityserver #azure
Managing OpenAPI Specifications with Backend For Frontend and Swagger UI 📚
We'll briefly recap the BFF pattern, and then dive into a sample & learn how to reveal your OpenAPI specifications securely.
duende.link/73hbw12 #dotnet #security #bff #openapi #aspnetcore
Introducing the Duende Developer Community (and a new documentation site!)
🏘️ Community: connect with peers around #identityserver, #bff, #oidc, and more!
📝 New docs: fresh design, new topics, dark mode, ...
Learn more on our blog 👉 duende.link/1uiro2d #dotnet #security
Secure machine-to-machine communication?
In this video, Roland walks you through the #oauth2 Client Credentials flow. It's relatively straightforward, and a great way to get introduced to OAuth.
📺 youtu.be/_ncPlNlcavo
#oauth2 #identityserver #accesstoken #dotnet #security
Authorization Policy TagHelpers for ASP.NET Core Razor Views
This post discusses creating an AuthorizationPolicyTagHelper to build nicer Razor Pages views where the content depends on the ClaimsPrincipal and authorization policy. 🔐
duende.link/2wywy44
#aspnetcore #dotnet #security
Kicking off our Open Source Sponsorship program this quarter, where our developers picked a project we'll sponsor for 12 months:
🙌 Shouldly Assertion Framework
We're using it ourselves, and here's why you may want to:
duende.link/w4whryh #dotnet #testing
Secure your #VueJS apps with OpenID Connect & the BFF pattern! 🔒
We’ll look at the basic architecture of a BFF solution, the responsibilities of each component, and how it all fits together.
duende.link/eshdrq4
#Security #OAuth2 #OpenIDConnect #dotnet
Bullseye 6.0.0 is out now! Thanks to Yauhen Pyl for contributing to this release. www.nuget.org/packages/Bul...
A common attack web devs need to guard against is Cross-Site Request Forgery (CSRF).
🦸♀️ Anti-Forgery tokens to the rescue!
Let's see how they work in more detail 👇
duende.link/wk7e6sg #dotnet #aspnetcore
Today brings you #IdentityServer 7.2! 🎁
1️⃣ Strict Audience Validation ensures that the audience is equal to the issuer and validates the token’s typ value.
2️⃣ Discovery Document Caching helps throughput in large deployments
And more! 👉 duende.link/hjdsk82 #dotnet #aspnetcore
Good news! We just released Duende Backend-for-Frontend (BFF) Security Framework V3.
All the necessary components to secure browser-based frontends (e.g. SPAs or #Blazor applications) with #aspnetcore backends.
duende.link/iuq3t4n #dotnet
Why can't I have issue types in my personal @github.com repos? They have tasks, bugs, and features just as much as any org repo I work in.
We discovered a flaw in our website's contact form and some Community Edition requests were never received.
If you didn't hear back after sending your request, please reach out via duendesoftware.com/contact - we've resolved the issue.
Sorry for the inconvenience!
Let's try this GitHub discussions thing... Who's still on IdentityServer 4, and why? #dotnet
github.com/orgs/DuendeS...