Today is a big day for us! Almost one year in the making, our new company has its first official release. If you haven’t followed our journey, we announced Duende Software as the new home for IdentityServer with a sustainable business model on October, 1st. We then migrated the IdentityServer4 code base and added .NET 5 support in Preview 1, added automatic key management in Preview 2 and finally resource isolation in Preview 3.

A final update for 2020: we published preview 3 of Duende IdentityServer to Nuget! The big feature added in preview 3 is support for resource isolation - our implementation of the Resource Indicators for OAuth 2.0 spec (RFC 8707). See also my blog post from yesterday about resource isolation. We also enabled support for data protecting all persisted grants and removed all dependencies to JSON.NET. We are now feature complete, and this will be the last preview before we release v5 on the 14th January.

This is the second part in a series of posts covering new (and old) features of Duende IdentityServer. These posts are not supposed to be super technical deep dives (that’s what documentation is for), but rather explain the feature at a more conceptual level, why it exists, and why it might useful for you. The Problem OAuth itself only knows about scopes - the (API) resource concept we use in Duende IdentityServer does not exist from a pure protocol point of view.