IdentityServer4 is public again

Our Duende development team is committed to delivering the world’s most secure, standards-compliant, trusted identity solutions. While Duende IdentityServer is a fully supported and secure OpenID Connect and OAuth 2.0 framework for .NET Core, IdentityServer4 has been out of support for a long time. The older IdentityServer4 contains multiple known security vulnerabilities and bugs, and has outdated documentation. With that background, we made the IdentityServer4 repository private on February 17, 2025, resulting in our fork of the repository no longer being available to the general public.
Read More

Duende BFF Security Framework V3 Release Candidate 1

Today, we’re happy to bring you the first Release Candidate for the next version of the Duende Backend-for-Frontend (BFF) Security Framework V3.

BFF (Backend-For-Frontend) solves security and development challenges for client-side developers using SPA frameworks like React, Angular, VueJs or Blazor by providing a dedicated backend to manage OAuth/OIDC interactions while enforcing a “no tokens in the browser” policy.

In this blog post, we’ll look at some new functionality and cover some aspects you should be aware of when upgrading.

Read More

Upcoming Duende IdentityServer 7.2 Preview 1 Release

After our recent 7.1 release of IdentityServer, we’re moving toward version 7.2 and collaborating with the IETF to standardize several specifications. Even though we’re busy, we thought you’d appreciate an update on what’s next. For early adopters, you now have access to IdentityServer 7.2 Preview 1, which includes enhancements, bug fixes, and general improvements to the codebase. This release is now published on all official channels and IdentityServer NuGet packages are available for testing.
Read More

More

Duende IdentityServer 7.1 New Year's Release

Security hotfix for Duende.AccessTokenManagement.OpenIdConnect

DPoP Package Updates

Pushed Authorization Request (PAR) Support in ASP.NET Core

All Posts