Every once in a while, a security problem comes up that needs patching. We couldn’t find a clear and concise Microsoft document that describes that process, so we asked Barry directly. We thought it might be useful to document our conversation here. Regardless what you are building, you ultimately have two types of dependencies: Functionality that is part of the .NET runtime/SDK Functionality you reference via a Nuget package. This might be a Microsoft package that is not part of the shared runtime (e.

Today is a big day for us! Almost one year in the making, our new company has its first official release. If you haven’t followed our journey, we announced Duende Software as the new home for IdentityServer with a sustainable business model on October, 1st. We then migrated the IdentityServer4 code base and added .NET 5 support in Preview 1, added automatic key management in Preview 2 and finally resource isolation in Preview 3.

A final update for 2020: we published preview 3 of Duende IdentityServer to Nuget! The big feature added in preview 3 is support for resource isolation - our implementation of the Resource Indicators for OAuth 2.0 spec (RFC 8707). See also my blog post from yesterday about resource isolation. We also enabled support for data protecting all persisted grants and removed all dependencies to JSON.NET. We are now feature complete, and this will be the last preview before we release v5 on the 14th January.

This is the second part in a series of posts covering new (and old) features of Duende IdentityServer. These posts are not supposed to be super technical deep dives (that’s what documentation is for), but rather explain the feature at a more conceptual level, why it exists, and why it might useful for you. The Problem OAuth itself only knows about scopes - the (API) resource concept we use in Duende IdentityServer does not exist from a pure protocol point of view.

One of the downsides of free open source is, that you only get to know a very small subset of your user-base and scenarios where your software is used. Since we announced the new license in October, we spoke to a tremendous amount of companies and developers that use IdentityServer in a vast amount of different scenarios. It’s very hard to find a “one size fits all” pricing model, and we’ve been trying to fine tune our offerings to make it work for as many people as possible.

Just a quick update: we published preview 2 of Duende IdentityServer to Nuget! The big feature added in preview 2 is the final version of key management. We polished the API surface, added support for multiple keys and added the EF persistence layer. You can find the preview docs here. If there are any problems, please let us know on our issue tracker or contact us via our website. Duende IdentityServer Nuget package EF and ASP.

This is the first part in a series of posts covering new (and old) features of Duende IdentityServer. These posts are not supposed to be super technical deep dives (that’s what documentation is for), but rather explain the feature at a more conceptual level, why it exists, and why it might useful for you. The Problem Obviously, a very important part of a security token service is the key material to sign the actual security tokens.

Just a quick update: we published preview 1 of Duende IdentityServer to Nuget! Preview sounds scary - but this is really just the migrated code-base of IdentityServer4 and the initial feature set of the new automatic key management (I will publish a separate post going into more details about that soon). Duende IdentityServer is free for development and testing. Start here and give it a try! Here’s a list of all the new bits:

Welcome to Duende Software! This company was founded by Brock Allen and Dominick Baier. We’ve been working together since 2009 on free open-source security software. Probably the most well-known is IdentityServer, which is an OpenID Connect and OAuth 2.0 framework for ASP.NET and ASP.NET Core. In 2020 we decided to make the switch from free open-source to a stronger foundation to work on our software. If you are interested in the long version of the history see here.