Introducing Duende.AccessTokenManagement

Every single OAuth/OIDC project needs a solution for token management in client applications at some point. It first sounds like a trivial thing, but it is surprisingly hard to get it right.

We have been working on an access token management library for ASP.NET Core on the side for a couple of years now, and we also used it ourselves in our BFF security framework.

And while re-visiting it recently, we realized it shows its age and needs some substantial work to maintain. That why we decided that we will take this codebase on as our first Duende sponsored free open source project - Duende.AccessTokenManagement.

D.ATM (as we call it) contains all the features from the initial project in the IdentityModel organisation and is licensed under Apache 2. Besides that it has a couple of improvements, e.g.

• optimized for .NET 6+
• re-worked all configuration to be more idiomatic and DI friendly
• re-worked the layering to reduce dependencies in situations where ASP.NET is actually not needed (e.g. in demons/workers)
• better extensibility
• bug fixes and optimisations for edge cases
• clean up and (hopefully) better tests

We also worked on documentation - especially with focus on the two main scenarios: workers and web applications (and a little bit of Blazor Server).

It is currently in preview stage and can be found on NuGet here and here, but we are planning to release v1 in the coming weeks. Please give it a try and feel free to get involved. This would help us a lot.

Update

V1 has been released and also tested for .NET 7 compatibility - we also created a short introductory video here.