Duende Software
@duendesoftware.com
Duende Software. Makers of Duende IdentityServer and the BFF security framework. https://duendesoftware.com https://youtube.com/@duendesoftware
BFF v4: You can't secure what you can't see.
OpenTelemetry is baked right in for end-to-end observability of your auth journey (redirect, token exchange, API calls).
duende.link/bff4b1b
#OpenTelemetry #Observability #DuendeBFF #Diagnostics #Tracing
OpenTelemetry is baked right in for end-to-end observability of your auth journey (redirect, token exchange, API calls).
duende.link/bff4b1b
#OpenTelemetry #Observability #DuendeBFF #Diagnostics #Tracing
Secure frontend apps with the BFF Pattern
Secure frontend apps with the Backend for Frontend (BFF) pattern. Simplify token management and boost security using Duende BFF v4, with multi-frontend support.
duende.link
December 29, 2025 at 7:01 PM
BFF v4: You can't secure what you can't see.
OpenTelemetry is baked right in for end-to-end observability of your auth journey (redirect, token exchange, API calls).
duende.link/bff4b1b
#OpenTelemetry #Observability #DuendeBFF #Diagnostics #Tracing
OpenTelemetry is baked right in for end-to-end observability of your auth journey (redirect, token exchange, API calls).
duende.link/bff4b1b
#OpenTelemetry #Observability #DuendeBFF #Diagnostics #Tracing
Let's look into a crucial "defense-in-depth" mechanism: SameSite cookies. Learn how this powerful browser flag adds extra protection against Cross-Site Request Forgery (CSRF) attacks.
Strengthen your #aspnetcore web applications!
youtu.be/goQlKiynWXU #dotnet
Strengthen your #aspnetcore web applications!
youtu.be/goQlKiynWXU #dotnet
SameSite Cookies 🍪
Welcome back to Duende Software's web security series! In this video, we're looking into a crucial "defense-in-depth" mechanism: SameSite cookies. Learn how this powerful browser flag can add an…
youtu.be
December 29, 2025 at 2:30 PM
Let's look into a crucial "defense-in-depth" mechanism: SameSite cookies. Learn how this powerful browser flag adds extra protection against Cross-Site Request Forgery (CSRF) attacks.
Strengthen your #aspnetcore web applications!
youtu.be/goQlKiynWXU #dotnet
Strengthen your #aspnetcore web applications!
youtu.be/goQlKiynWXU #dotnet
We built our own JWT Decoder tool - jwt.me! 🧐
Quickly inspect and validate your JSON Web Tokens. It features automatic public key (JWK) retrieval, inline claim explanations, and presenter mode.
Read all about it: duende.link/387skhq
#dotnet
Quickly inspect and validate your JSON Web Tokens. It features automatic public key (JWK) retrieval, inline claim explanations, and presenter mode.
Read all about it: duende.link/387skhq
#dotnet
Duende IdentityServer
Using this tool, you can decode and validate JSON Web Tokens (JWTs) issued by IdentityServer or another token issuer.
jwt.me
December 29, 2025 at 7:30 AM
We built our own JWT Decoder tool - jwt.me! 🧐
Quickly inspect and validate your JSON Web Tokens. It features automatic public key (JWK) retrieval, inline claim explanations, and presenter mode.
Read all about it: duende.link/387skhq
#dotnet
Quickly inspect and validate your JSON Web Tokens. It features automatic public key (JWK) retrieval, inline claim explanations, and presenter mode.
Read all about it: duende.link/387skhq
#dotnet
What are BCP? 🤷
💡 They are Best Current Practices, what the current knowledge and insights in the security world prescribe as the best solution to a given problem.
Security Lingo Explained: duende.link/lngobcp
#SecurityLingo #dotnet
💡 They are Best Current Practices, what the current knowledge and insights in the security world prescribe as the best solution to a given problem.
Security Lingo Explained: duende.link/lngobcp
#SecurityLingo #dotnet
Security Lingo Explained: BCP
Demystify the security acronym BCP (Best Current Practices) and learn what it means, how it's used, and why it changes over time.
duende.link
December 26, 2025 at 6:15 PM
What are BCP? 🤷
💡 They are Best Current Practices, what the current knowledge and insights in the security world prescribe as the best solution to a given problem.
Security Lingo Explained: duende.link/lngobcp
#SecurityLingo #dotnet
💡 They are Best Current Practices, what the current knowledge and insights in the security world prescribe as the best solution to a given problem.
Security Lingo Explained: duende.link/lngobcp
#SecurityLingo #dotnet
Why be a Duende Product Insider? Get a Direct Channel for deep technical talks, Early Access to features (Agentic AI, .NET 10), and Spec Authority on standards. For heavy-lifters solving the hardest identity problems.
➡️ duende.link/discord
#DuendeInsiders #SecurityExperts
➡️ duende.link/discord
#DuendeInsiders #SecurityExperts
Join the Duende Insiders Discord Server!
Check out the Duende Insiders community on Discord – hang out with 42 other members and enjoy free voice and text chat.
duende.link
December 26, 2025 at 1:01 PM
Why be a Duende Product Insider? Get a Direct Channel for deep technical talks, Early Access to features (Agentic AI, .NET 10), and Spec Authority on standards. For heavy-lifters solving the hardest identity problems.
➡️ duende.link/discord
#DuendeInsiders #SecurityExperts
➡️ duende.link/discord
#DuendeInsiders #SecurityExperts
You don't have to be Santa to get your security right. Duende IdentityServer is good for your elf-esteem!
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
❄️ duendesoftware.com/contact/news...
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
❄️ duendesoftware.com/contact/news...
December 24, 2025 at 8:02 PM
You don't have to be Santa to get your security right. Duende IdentityServer is good for your elf-esteem!
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
❄️ duendesoftware.com/contact/news...
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
❄️ duendesoftware.com/contact/news...
📢 .NET 10 is here, but what about security? 🤔
In this post, we explore missing security features in #dotnet 10 and discover how Duende Software fills the gaps for Token Management, DPoP, Blazor, and OAuth 2.0 Introspection!
duende.link/q13yifc
In this post, we explore missing security features in #dotnet 10 and discover how Duende Software fills the gaps for Token Management, DPoP, Blazor, and OAuth 2.0 Introspection!
duende.link/q13yifc
Duende Software - Identity and Access Management for .NET
We help companies using .NET to build identity and access control solutions for modern applications.
duende.link
December 24, 2025 at 3:45 PM
📢 .NET 10 is here, but what about security? 🤔
In this post, we explore missing security features in #dotnet 10 and discover how Duende Software fills the gaps for Token Management, DPoP, Blazor, and OAuth 2.0 Introspection!
duende.link/q13yifc
In this post, we explore missing security features in #dotnet 10 and discover how Duende Software fills the gaps for Token Management, DPoP, Blazor, and OAuth 2.0 Introspection!
duende.link/q13yifc
Be more like Kevin, build your own identity and security.
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
➡️ duendesoftware.com/contact/news...
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
➡️ duendesoftware.com/contact/news...
December 24, 2025 at 8:00 AM
Be more like Kevin, build your own identity and security.
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
➡️ duendesoftware.com/contact/news...
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
➡️ duendesoftware.com/contact/news...
Heads up, #dotnet developers! 🚀
.NET 10 is a great time to upgrade your application and its dependencies.
In this post, we look at key .NET 10 breaking changes you need to know about for a smooth upgrade.
👉 duende.link/89qegla
#aspnetcore
.NET 10 is a great time to upgrade your application and its dependencies.
In this post, we look at key .NET 10 breaking changes you need to know about for a smooth upgrade.
👉 duende.link/89qegla
#aspnetcore
Duende Software - Identity and Access Management for .NET
We help companies using .NET to build identity and access control solutions for modern applications.
duende.link
December 23, 2025 at 6:30 PM
Heads up, #dotnet developers! 🚀
.NET 10 is a great time to upgrade your application and its dependencies.
In this post, we look at key .NET 10 breaking changes you need to know about for a smooth upgrade.
👉 duende.link/89qegla
#aspnetcore
.NET 10 is a great time to upgrade your application and its dependencies.
In this post, we look at key .NET 10 breaking changes you need to know about for a smooth upgrade.
👉 duende.link/89qegla
#aspnetcore
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
❄️ duendesoftware.com/contact/news...
❄️ duendesoftware.com/contact/news...
December 23, 2025 at 3:02 PM
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
❄️ duendesoftware.com/contact/news...
❄️ duendesoftware.com/contact/news...
Need OIDC/OAuth? Snow big deal with Duende ❄️
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
➡️ duendesoftware.com/contact/news...
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
➡️ duendesoftware.com/contact/news...
December 22, 2025 at 8:01 PM
Need OIDC/OAuth? Snow big deal with Duende ❄️
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
➡️ duendesoftware.com/contact/news...
Subscribe to our newsletter to stay up-to-date with the latest from Duende!
➡️ duendesoftware.com/contact/news...
Ever wondered how browsers determine what kind of content they're displaying? It's usually through the Content-Type header. What happens when that's missing or incorrect? It can be a serious security risk!
Let's see how to fix this in #aspnetcore youtu.be/kSaSb2hBbyk #dotnet
Let's see how to fix this in #aspnetcore youtu.be/kSaSb2hBbyk #dotnet
Understanding the X-Content-Type-Options Header
Ever wondered how browsers determine what kind of content they're displaying? It's usually through the Content-Type header. But what happens when that's missing or incorrect? That's where MIME type…
youtu.be
December 22, 2025 at 5:30 PM
Ever wondered how browsers determine what kind of content they're displaying? It's usually through the Content-Type header. What happens when that's missing or incorrect? It can be a serious security risk!
Let's see how to fix this in #aspnetcore youtu.be/kSaSb2hBbyk #dotnet
Let's see how to fix this in #aspnetcore youtu.be/kSaSb2hBbyk #dotnet
What are BCP? 🤷
💡 They are Best Current Practices, what the current knowledge and insights in the security world prescribe as the best solution to a given problem.
Security Lingo Explained: duende.link/lngobcp
#SecurityLingo #dotnet
💡 They are Best Current Practices, what the current knowledge and insights in the security world prescribe as the best solution to a given problem.
Security Lingo Explained: duende.link/lngobcp
#SecurityLingo #dotnet
Security Lingo Explained: BCP
Demystify the security acronym BCP (Best Current Practices) and learn what it means, how it's used, and why it changes over time.
duende.link
December 22, 2025 at 1:30 PM
What are BCP? 🤷
💡 They are Best Current Practices, what the current knowledge and insights in the security world prescribe as the best solution to a given problem.
Security Lingo Explained: duende.link/lngobcp
#SecurityLingo #dotnet
💡 They are Best Current Practices, what the current knowledge and insights in the security world prescribe as the best solution to a given problem.
Security Lingo Explained: duende.link/lngobcp
#SecurityLingo #dotnet
Your opinion on that tricky DPoP implementation? We want it. Duende Product Insiders is the high-signal, zero-noise channel for advanced .NET identity and security discussions. Join Duende's Product Insiders.
➡️ duende.link/discord
#dotnet #ZeroNoise #Identity
➡️ duende.link/discord
#dotnet #ZeroNoise #Identity
Join the Duende Insiders Discord Server!
Check out the Duende Insiders community on Discord – hang out with 42 other members and enjoy free voice and text chat.
duende.link
December 22, 2025 at 8:01 AM
Your opinion on that tricky DPoP implementation? We want it. Duende Product Insiders is the high-signal, zero-noise channel for advanced .NET identity and security discussions. Join Duende's Product Insiders.
➡️ duende.link/discord
#dotnet #ZeroNoise #Identity
➡️ duende.link/discord
#dotnet #ZeroNoise #Identity
Duende IdentityServer v7.4 is here! 🎉 Shipping with .NET 10 LTS, so you can modernize your apps and build solutions engineered to last. 🔐
duende.link/5pwbntg
#Duende #IdentityServer #dotnet10 #LTS #AppSecurity
duende.link/5pwbntg
#Duende #IdentityServer #dotnet10 #LTS #AppSecurity
Duende IdentityServer v7.4 is now available
Duende IdentityServer v7.4 is here! Full compatibility with .NET 10 LTS, plus a standards-based foundation for agentic AI systems and MCP.
duende.link
December 19, 2025 at 10:00 PM
Duende IdentityServer v7.4 is here! 🎉 Shipping with .NET 10 LTS, so you can modernize your apps and build solutions engineered to last. 🔐
duende.link/5pwbntg
#Duende #IdentityServer #dotnet10 #LTS #AppSecurity
duende.link/5pwbntg
#Duende #IdentityServer #dotnet10 #LTS #AppSecurity
With .NET 10 LTS released, now is the time to look into upgrading #IdentityServer4 to Duende IdentityServer!
Fix known vulnerabilities and future-proof your security. Get support, FAPI 2.0 compliance, and more.
duende.link/uwo974g
#IdentityServer4 #OAuth2 #OIDC #dotnet
Fix known vulnerabilities and future-proof your security. Get support, FAPI 2.0 compliance, and more.
duende.link/uwo974g
#IdentityServer4 #OAuth2 #OIDC #dotnet
Duende Software - Identity and Access Management for .NET
We help companies using .NET to build identity and access control solutions for modern applications.
duende.link
December 19, 2025 at 5:30 PM
With .NET 10 LTS released, now is the time to look into upgrading #IdentityServer4 to Duende IdentityServer!
Fix known vulnerabilities and future-proof your security. Get support, FAPI 2.0 compliance, and more.
duende.link/uwo974g
#IdentityServer4 #OAuth2 #OIDC #dotnet
Fix known vulnerabilities and future-proof your security. Get support, FAPI 2.0 compliance, and more.
duende.link/uwo974g
#IdentityServer4 #OAuth2 #OIDC #dotnet
🛡️ BFF v4: Frontend Security Simplified
Frontend devs shouldn't handle tokens or refresh cycles. BFF keeps security on the server, eliminating XSS risks.
v4 adds multi-frontend support for operational sanity. Ditch the token burden entirely.
➡️ duende.link/bff4b0b
Frontend devs shouldn't handle tokens or refresh cycles. BFF keeps security on the server, eliminating XSS risks.
v4 adds multi-frontend support for operational sanity. Ditch the token burden entirely.
➡️ duende.link/bff4b0b
Duende BFFv4 is now available
Duende BFFv4 is now available! Learn about multi-frontend, simplified security, and unlock end-to-end visibility with OpenTelemetry.
duende.link
December 19, 2025 at 8:00 AM
🛡️ BFF v4: Frontend Security Simplified
Frontend devs shouldn't handle tokens or refresh cycles. BFF keeps security on the server, eliminating XSS risks.
v4 adds multi-frontend support for operational sanity. Ditch the token burden entirely.
➡️ duende.link/bff4b0b
Frontend devs shouldn't handle tokens or refresh cycles. BFF keeps security on the server, eliminating XSS risks.
v4 adds multi-frontend support for operational sanity. Ditch the token burden entirely.
➡️ duende.link/bff4b0b
Let's look into a crucial "defense-in-depth" mechanism: SameSite cookies. Learn how this powerful browser flag adds extra protection against Cross-Site Request Forgery (CSRF) attacks.
Strengthen your #aspnetcore web applications!
youtu.be/goQlKiynWXU #dotnet
Strengthen your #aspnetcore web applications!
youtu.be/goQlKiynWXU #dotnet
SameSite Cookies 🍪
Welcome back to Duende Software's web security series! In this video, we're looking into a crucial "defense-in-depth" mechanism: SameSite cookies. Learn how this powerful browser flag can add an…
youtu.be
December 18, 2025 at 4:15 PM
Let's look into a crucial "defense-in-depth" mechanism: SameSite cookies. Learn how this powerful browser flag adds extra protection against Cross-Site Request Forgery (CSRF) attacks.
Strengthen your #aspnetcore web applications!
youtu.be/goQlKiynWXU #dotnet
Strengthen your #aspnetcore web applications!
youtu.be/goQlKiynWXU #dotnet
Identity developers, lead the way! Join Duende Product Insiders: Directly influence the roadmap, get early feature access, and collaborate with senior experts. Your expertise is needed.
Apply today: duende.link/discord
#DuendeInsiders #SecurityExperts
Apply today: duende.link/discord
#DuendeInsiders #SecurityExperts
Join the Duende Insiders Discord Server!
Check out the Duende Insiders community on Discord – hang out with 42 other members and enjoy free voice and text chat.
duende.link
December 18, 2025 at 8:01 AM
Identity developers, lead the way! Join Duende Product Insiders: Directly influence the roadmap, get early feature access, and collaborate with senior experts. Your expertise is needed.
Apply today: duende.link/discord
#DuendeInsiders #SecurityExperts
Apply today: duende.link/discord
#DuendeInsiders #SecurityExperts
Happy Holidays from the Duende Team! 🎄
As the year winds down, we want to thank our amazing community for trusting Duende Software to secure your applications. We wish you and yours a wonderful holiday season filled with joy, rest, and peace.
Wishing you safe deployments and happy days!
As the year winds down, we want to thank our amazing community for trusting Duende Software to secure your applications. We wish you and yours a wonderful holiday season filled with joy, rest, and peace.
Wishing you safe deployments and happy days!
December 17, 2025 at 5:02 PM
Happy Holidays from the Duende Team! 🎄
As the year winds down, we want to thank our amazing community for trusting Duende Software to secure your applications. We wish you and yours a wonderful holiday season filled with joy, rest, and peace.
Wishing you safe deployments and happy days!
As the year winds down, we want to thank our amazing community for trusting Duende Software to secure your applications. We wish you and yours a wonderful holiday season filled with joy, rest, and peace.
Wishing you safe deployments and happy days!
Secure your native applications, like mobile and desktop applications, using #IdentityServer 🔐
In this video, we cover why in-app login pages are outdated, the role of the browser, the Duende OidcClient library, secure token storage, and more!
youtu.be/7_OzM1c-STk #oauth #oidc #dotnet #identity
In this video, we cover why in-app login pages are outdated, the role of the browser, the Duende OidcClient library, secure token storage, and more!
youtu.be/7_OzM1c-STk #oauth #oidc #dotnet #identity
Mobile and Desktop Applications
Secure your native applications, like mobile and desktop applications using IdentityServer
0:00 Introduction
0:38 Anti pattern: In-app login page
1:19 Why not resource owner password flow?
2:03 Role…
youtu.be
December 17, 2025 at 3:24 PM
Secure your native applications, like mobile and desktop applications, using #IdentityServer 🔐
In this video, we cover why in-app login pages are outdated, the role of the browser, the Duende OidcClient library, secure token storage, and more!
youtu.be/7_OzM1c-STk #oauth #oidc #dotnet #identity
In this video, we cover why in-app login pages are outdated, the role of the browser, the Duende OidcClient library, secure token storage, and more!
youtu.be/7_OzM1c-STk #oauth #oidc #dotnet #identity
.NET 10 is a great time to upgrade your application and its dependencies.
In this post, we look at key .NET 10 breaking changes you need to know about for a smooth upgrade.
👉 duende.link/89qegla
#aspnetcore
In this post, we look at key .NET 10 breaking changes you need to know about for a smooth upgrade.
👉 duende.link/89qegla
#aspnetcore
Duende Software - Identity and Access Management for .NET
We help companies using .NET to build identity and access control solutions for modern applications.
duende.link
December 17, 2025 at 7:30 AM
.NET 10 is a great time to upgrade your application and its dependencies.
In this post, we look at key .NET 10 breaking changes you need to know about for a smooth upgrade.
👉 duende.link/89qegla
#aspnetcore
In this post, we look at key .NET 10 breaking changes you need to know about for a smooth upgrade.
👉 duende.link/89qegla
#aspnetcore
Stop wishing for a feature. Start building it with us. The Duende Product Insiders program is your channel for direct influence on the IdentityServer and BFF roadmap.
Join the Insiders: duende.link/discord
#DuendeSoftware #IdentityServer
Join the Insiders: duende.link/discord
#DuendeSoftware #IdentityServer
Join the Duende Insiders Discord Server!
Check out the Duende Insiders community on Discord – hang out with 42 other members and enjoy free voice and text chat.
duende.link
December 16, 2025 at 8:00 PM
Stop wishing for a feature. Start building it with us. The Duende Product Insiders program is your channel for direct influence on the IdentityServer and BFF roadmap.
Join the Insiders: duende.link/discord
#DuendeSoftware #IdentityServer
Join the Insiders: duende.link/discord
#DuendeSoftware #IdentityServer
DPoP is not shorthand for Danish pop music. 🎶
Instead, Demonstrating Proof of Possession (DPoP) is used to fight back against token replay attacks in OpenID Connect and OAuth.
Security Lingo Explained: duende.link/lgodpop
#SecurityLingo #dotnet
Instead, Demonstrating Proof of Possession (DPoP) is used to fight back against token replay attacks in OpenID Connect and OAuth.
Security Lingo Explained: duende.link/lgodpop
#SecurityLingo #dotnet
Security Lingo Explained: DPoP
DPoP (Demonstrating Proof of Possession) uses asymmetric keys to secure OpenID Connect and OAuth against token replay attacks.
duende.link
December 16, 2025 at 1:15 PM
DPoP is not shorthand for Danish pop music. 🎶
Instead, Demonstrating Proof of Possession (DPoP) is used to fight back against token replay attacks in OpenID Connect and OAuth.
Security Lingo Explained: duende.link/lgodpop
#SecurityLingo #dotnet
Instead, Demonstrating Proof of Possession (DPoP) is used to fight back against token replay attacks in OpenID Connect and OAuth.
Security Lingo Explained: duende.link/lgodpop
#SecurityLingo #dotnet
Is 'Auth' just one thing? 🤔 Developers often use it as shorthand, but it's ambiguous!
Learn the critical difference between Authentication (AuthN) and Authorization (AuthZ) in our latest post: duende.link/lgoauth
#SecurityLingo #dotnet
Learn the critical difference between Authentication (AuthN) and Authorization (AuthZ) in our latest post: duende.link/lgoauth
#SecurityLingo #dotnet
Security Lingo Explained: Auth
Learn and understand the key difference between Authentication (AuthN) and Authorization (AuthZ)
duende.link
December 15, 2025 at 6:00 AM
Is 'Auth' just one thing? 🤔 Developers often use it as shorthand, but it's ambiguous!
Learn the critical difference between Authentication (AuthN) and Authorization (AuthZ) in our latest post: duende.link/lgoauth
#SecurityLingo #dotnet
Learn the critical difference between Authentication (AuthN) and Authorization (AuthZ) in our latest post: duende.link/lgoauth
#SecurityLingo #dotnet