Duende is committed to open source and values contributors. We are now sponsoring Astro and Starlight, the static site generator that powers our docs. More details about Astro and why we are sponsoring on our blog: #dotnet #astro #identity.

Monitoring IdentityServer License Usage with #aspnetcore Health Checks 🔍. 🤔 How to create custom health checks.👍 Registering them.💡 Example health checks for IdentityServer. Find out in this blog post! #dotnet #identity

Add an extra layer of security to critical user actions! 🛡️. Learn how to implement Step Up challenges in your #aspnetcore apps with Duende #IdentityServer to enhance user verification and re-confirm identity for some activities. . #dotnet #security #oidc

Terms like "client" in OpenID Connect and OAuth 2.0 are clear for security folks, but non-technical people are sometimes confused. In this post, let's clarify what a "client" means in application security. #dotnet #security #identity.

So, you're building a frontend app and dealing with APIs? And OAuth 2.0 is just a massive headache to get secure on the frontend. What if you could just delete that OAuth library?. Interview with Philippe De Ryck: #dotnet #security #bff #oauth2

Supercharge your proxy needs! 🦸. Integrate with #YARP for advanced routing, load balancing, etc., while getting BFF's automatic token management and CSRF protection for proxied APIs. Here's how to add it to your Backend for Frontend: #dotnet #security

A Step Up challenge ensures critical actions are verified through additional scrutiny. You can handle this in client apps, but how do you communicate a step-up is needed from the API side? Let's see how to implement this in #aspnetcore. #dotnet #security

The #dotnet 8.0.17 patch fixed validation of forwarded headers and proxy server configuration in load balanced scenarios. Great! Or not 🤔.This update may affect your #aspnetcore app. 😱. Check our blog post for background and fix:

IdentityServer 7.3.0 Release Candidate 1 is out! It brings FAPI 2.0 profile certification, JWT response from the introspection endpoint, diagnostics data, OpenTelemetry updates, and more! . #dotnet #security.

With #dotnet run app.cs announced at #MSBuild for .NET 10, we've been trying it out to test the #IdentityServer login flow. It's quite nice!. In this post we'll see how to test first-party logins work properly, entirely through .NET code.

Duende is committed to open source and values contributors. We are now sponsoring Astro and Starlight, the static site generator that powers our docs. More details about Astro and why we are sponsoring on our blog: #dotnet #astro #identity

User authentication involves user interfaces during the login process, a secure back channel to exchange tokens, and more. Roland Guijt's latest video covers OAuth 2.0's Authorization Code Flow in #aspnetcore #identityserver #dotnet #security.

Check out the freshly deployed IdentityServer 7.3.0 Release Candidate 1. It brings FAPI 2.0 profile certification, JWT response from the introspection endpoint, diagnostics data, OpenTelemetry updates, and more! . #dotnet #security.

Stop CSRF cold! 🚔. Duende's BFF requires a simple custom header on authenticated API requests. This standard check and SameSite cookies provide strong protection against Cross-Site Request Forgery. Learn how: #dotnet #security

The outdated IdentityServer4 has security vulnerabilities, bugs, . Duende IdentityServer, its commercial successor, supports the latest #dotnet versions and new OAuth 2.0 and OpenID Connect specs. Upgrade with our step-by-step guide at #aspnetcore

Remote APIs? Let the BFF handle it! 🤝. Your frontend calls the BFF using its session cookie. The BFF securely swaps this for an access token and proxies the call - the browser never sees the access token! 🙈. Learn more: #dotnet #security

Add an extra layer of security to critical user actions! 🛡️. Learn how to implement Step Up challenges in your #aspnetcore apps with Duende #IdentityServer to enhance user verification and re-confirm identity for some activities. . #dotnet #security #oidc

Terms like "client" in OpenID Connect and OAuth 2.0 are clear for security folks, but non-technical people are sometimes confused. In this post, let's clarify what a "client" means in application security. #dotnet #security #identity

Think you're safe online? OAuth 2.0 in the browser could let attackers steal your access tokens and use them for as long as they are valid, acting on the user's behalf 😱. Interview with Philippe De Ryck: #dotnet #security #bff #oauth2

Secure user sessions with robust cookies! 🍪. The Backend for Frontend (BFF) framework uses the #aspnetcore handler for HttpOnly, Secure, SameSite cookies, with strong session protection. Server-side sessions offer even more control. #dotnet #security