Duende Software
@duendesoftware.com
Duende Software. Makers of Duende IdentityServer and the BFF security framework. https://duendesoftware.com https://youtube.com/@duendesoftware
JWTs are the industry standard, but are they right for your specific architecture?
We’re breaking down the strategic trade-offs between JWTs vs. Opaque Tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
We’re breaking down the strategic trade-offs between JWTs vs. Opaque Tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
Livestream: Are your access tokens really secure?
Are your APIs vulnerable? Explore JWT pitfalls, learn to prevent exploits, and compare JWTs vs. opaque tokens in this expert-led session.
duende.link
February 13, 2026 at 7:01 PM
JWTs are the industry standard, but are they right for your specific architecture?
We’re breaking down the strategic trade-offs between JWTs vs. Opaque Tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
We’re breaking down the strategic trade-offs between JWTs vs. Opaque Tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
Stability is a community asset. 💪 Aligning with the Microsoft #LTS schedule provides a shared timeline for the industry. We can all plan, budget, and coordinate releases together.
Predictability helps the whole community function better.
Learn More: duende.link/5pwbntg
#aspnet #dotnet
Predictability helps the whole community function better.
Learn More: duende.link/5pwbntg
#aspnet #dotnet
Duende IdentityServer v7.4 is now available
Duende IdentityServer v7.4 is here! Full compatibility with .NET 10 LTS, plus a standards-based foundation for agentic AI systems and MCP.
duende.link
February 13, 2026 at 2:02 PM
Stability is a community asset. 💪 Aligning with the Microsoft #LTS schedule provides a shared timeline for the industry. We can all plan, budget, and coordinate releases together.
Predictability helps the whole community function better.
Learn More: duende.link/5pwbntg
#aspnet #dotnet
Predictability helps the whole community function better.
Learn More: duende.link/5pwbntg
#aspnet #dotnet
The Duende Product Insiders program is our dedicated listening channel. We share early design documents and prototypes with the Duende Insiders to get honest and impactful feedback.
Help us build the solutions that empowers you and your peers.
Learn more: youtube.com/shorts/nTnaq...
#aspnet
Help us build the solutions that empowers you and your peers.
Learn more: youtube.com/shorts/nTnaq...
#aspnet
Duende Product Insiders Program #dotnet #aspnet #aspnetcore
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Apply: duende.link/insiders
youtube.com
February 13, 2026 at 7:01 AM
The Duende Product Insiders program is our dedicated listening channel. We share early design documents and prototypes with the Duende Insiders to get honest and impactful feedback.
Help us build the solutions that empowers you and your peers.
Learn more: youtube.com/shorts/nTnaq...
#aspnet
Help us build the solutions that empowers you and your peers.
Learn more: youtube.com/shorts/nTnaq...
#aspnet
We build better software when we listen. Product Insiders is our listening channel. We share early designs to get direct feedback. Help us build the tools you need.
Apply Today: duende.link/insiders
#aspnet #aspnetcore #dotnet
Apply Today: duende.link/insiders
#aspnet #aspnetcore #dotnet
February 12, 2026 at 1:02 PM
We build better software when we listen. Product Insiders is our listening channel. We share early designs to get direct feedback. Help us build the tools you need.
Apply Today: duende.link/insiders
#aspnet #aspnetcore #dotnet
Apply Today: duende.link/insiders
#aspnet #aspnetcore #dotnet
Simplify your identity mess! 🤯
Learn how a Federation Gateway with Duende IdentityServer orchestrates all your IdPs (Entra ID, Google, SAML) for unified, agile security. Must-read architecture deep dive!
duende.link/8aefizq
#IdentityOrchestration #SSO #Security #dotnet
Learn how a Federation Gateway with Duende IdentityServer orchestrates all your IdPs (Entra ID, Google, SAML) for unified, agile security. Must-read architecture deep dive!
duende.link/8aefizq
#IdentityOrchestration #SSO #Security #dotnet
Building a Federation Gateway with Duende IdentityServer: Strategies and Considerations for Identity Orchestration
Learn the core benefits of building a federation gateway that brings together Entra ID, Okta, SAML, Auth0 though a centralized authentication provider like DUende IdentityServer.
duende.link
February 12, 2026 at 7:30 AM
Simplify your identity mess! 🤯
Learn how a Federation Gateway with Duende IdentityServer orchestrates all your IdPs (Entra ID, Google, SAML) for unified, agile security. Must-read architecture deep dive!
duende.link/8aefizq
#IdentityOrchestration #SSO #Security #dotnet
Learn how a Federation Gateway with Duende IdentityServer orchestrates all your IdPs (Entra ID, Google, SAML) for unified, agile security. Must-read architecture deep dive!
duende.link/8aefizq
#IdentityOrchestration #SSO #Security #dotnet
.NET 10 performance benefits everyone. By optimizing IdentityServer for the new runtime, we pass those gains down to every application that relies on us.
Reduced CPU cycles in auth mean lower cloud bills for the entire community.
Learn More: duende.link/is74b0b
#dotnet #aspnet #aspnetcore
Reduced CPU cycles in auth mean lower cloud bills for the entire community.
Learn More: duende.link/is74b0b
#dotnet #aspnet #aspnetcore
Duende IdentityServer v7.4 is now available
Duende IdentityServer v7.4 is here! Full compatibility with .NET 10 LTS, plus a standards-based foundation for agentic AI systems and MCP.
duende.link
February 12, 2026 at 12:30 AM
.NET 10 performance benefits everyone. By optimizing IdentityServer for the new runtime, we pass those gains down to every application that relies on us.
Reduced CPU cycles in auth mean lower cloud bills for the entire community.
Learn More: duende.link/is74b0b
#dotnet #aspnet #aspnetcore
Reduced CPU cycles in auth mean lower cloud bills for the entire community.
Learn More: duende.link/is74b0b
#dotnet #aspnet #aspnetcore
What does the security acronym "OP" stand for? 🤔
Learn what "OpenID Connect Provider" means in the world of security specifications and authorization servers.
duende.link/7642naa
#dotnet #securitylingo
Learn what "OpenID Connect Provider" means in the world of security specifications and authorization servers.
duende.link/7642naa
#dotnet #securitylingo
Security Lingo Explained: OP
Learn what OpenID Connect Provider means in the world of security specifications and authorization servers.
duende.link
February 11, 2026 at 7:15 PM
What does the security acronym "OP" stand for? 🤔
Learn what "OpenID Connect Provider" means in the world of security specifications and authorization servers.
duende.link/7642naa
#dotnet #securitylingo
Learn what "OpenID Connect Provider" means in the world of security specifications and authorization servers.
duende.link/7642naa
#dotnet #securitylingo
Duende v7.4 is the identity standard for the AI era. It's RFC 8414 + DCR completion, making your IdentityServer the secure gateway for MCP Servers and Agentic AI. Use standards to secure the future. #DuendeV74 #StandardsAreTheKey #AI #dotnet
duende.link/wy4w32f
duende.link/wy4w32f
Scaling with Duende IdentityServer, MCP, and AI
Learn to leverage the Model Context Protocol (MCP) to securely scale AI agents and mitigate LLM errors with existing systems using Duende IdentityServer.
duende.link
February 11, 2026 at 3:04 PM
Duende v7.4 is the identity standard for the AI era. It's RFC 8414 + DCR completion, making your IdentityServer the secure gateway for MCP Servers and Agentic AI. Use standards to secure the future. #DuendeV74 #StandardsAreTheKey #AI #dotnet
duende.link/wy4w32f
duende.link/wy4w32f
Cookies are essential for web applications, but did you know they can be vulnerable to JavaScript attacks? In this video, we look at the HttpOnly flag and show you how to protect your cookies from malicious JavaScript access!
youtu.be/ZMDBX9T8Z7o
#SecurityTips #dotnet
youtu.be/ZMDBX9T8Z7o
#SecurityTips #dotnet
HttpOnly Cookies with IdentityServer
Cookies are essential for web applications, but did you know they can be vulnerable to JavaScript attacks? In this video, we look at the HttpOnly flag and show you how to protect your cookies from…
youtu.be
February 11, 2026 at 8:45 AM
Cookies are essential for web applications, but did you know they can be vulnerable to JavaScript attacks? In this video, we look at the HttpOnly flag and show you how to protect your cookies from malicious JavaScript access!
youtu.be/ZMDBX9T8Z7o
#SecurityTips #dotnet
youtu.be/ZMDBX9T8Z7o
#SecurityTips #dotnet
In this video, we look deeper into critical security-related HTTP headers that can significantly strengthen your website's defenses. Expect X-Content-Type-Options, Referrer-Policy:, X-FRAME-OPTIONS, Content Security Policy (CSP), ...
youtu.be/OztgrdMQG94 #dotnet #aspnetcore #SecurityTips
youtu.be/OztgrdMQG94 #dotnet #aspnetcore #SecurityTips
MORE Essential HTTP Headers
In this video, we look deeper into critical security-related HTTP headers that can significantly strengthen your website's defenses.
What you'll learn in this video:
* X-Content-Type-Options:…
youtu.be
February 10, 2026 at 9:30 PM
In this video, we look deeper into critical security-related HTTP headers that can significantly strengthen your website's defenses. Expect X-Content-Type-Options, Referrer-Policy:, X-FRAME-OPTIONS, Content Security Policy (CSP), ...
youtu.be/OztgrdMQG94 #dotnet #aspnetcore #SecurityTips
youtu.be/OztgrdMQG94 #dotnet #aspnetcore #SecurityTips
No more overprivileged access tokens? 🔑
Implement strict trust boundaries in your APIs with resource isolation (#OAuth RFC 8707).
Learn how to configure it in Duende IdentityServer: duende.link/87qt2j
#dotnet
Implement strict trust boundaries in your APIs with resource isolation (#OAuth RFC 8707).
Learn how to configure it in Duende IdentityServer: duende.link/87qt2j
#dotnet
Implementing Zero Trust with Resource Isolation
Learn how to enforce strict trust boundaries between your APIs and prevent overprivileged access tokens by adopting Resource Isolation, based on OAuth 2.0's RFC 8707, with Duende IdentityServer.
duende.link
February 10, 2026 at 6:00 PM
No more overprivileged access tokens? 🔑
Implement strict trust boundaries in your APIs with resource isolation (#OAuth RFC 8707).
Learn how to configure it in Duende IdentityServer: duende.link/87qt2j
#dotnet
Implement strict trust boundaries in your APIs with resource isolation (#OAuth RFC 8707).
Learn how to configure it in Duende IdentityServer: duende.link/87qt2j
#dotnet
Should you blindly trust JWTs for accessing APIs? 😟
You’ve got OAuth 2.0 and JWTs, but a single misconfiguration in your library can leave you wide open. Join Wesley to see why "standard" validation isn't always enough.
🔗 Be there on March 3rd: duende.link/lsjwt26
#OAuth2 #DotNet #JWT
You’ve got OAuth 2.0 and JWTs, but a single misconfiguration in your library can leave you wide open. Join Wesley to see why "standard" validation isn't always enough.
🔗 Be there on March 3rd: duende.link/lsjwt26
#OAuth2 #DotNet #JWT
February 10, 2026 at 7:00 AM
Should you blindly trust JWTs for accessing APIs? 😟
You’ve got OAuth 2.0 and JWTs, but a single misconfiguration in your library can leave you wide open. Join Wesley to see why "standard" validation isn't always enough.
🔗 Be there on March 3rd: duende.link/lsjwt26
#OAuth2 #DotNet #JWT
You’ve got OAuth 2.0 and JWTs, but a single misconfiguration in your library can leave you wide open. Join Wesley to see why "standard" validation isn't always enough.
🔗 Be there on March 3rd: duende.link/lsjwt26
#OAuth2 #DotNet #JWT
The best optimization is the one you don't write. Upgrading to .NET 10 delivers throughput gains purely through runtime improvements.
Get a "free" boost by updating the package.
Learn more: duende.link/5pwbntg
#aspnet #dotnet
Get a "free" boost by updating the package.
Learn more: duende.link/5pwbntg
#aspnet #dotnet
Duende IdentityServer v7.4 is now available
Duende IdentityServer v7.4 is here! Full compatibility with .NET 10 LTS, plus a standards-based foundation for agentic AI systems and MCP.
duende.link
February 9, 2026 at 7:02 PM
The best optimization is the one you don't write. Upgrading to .NET 10 delivers throughput gains purely through runtime improvements.
Get a "free" boost by updating the package.
Learn more: duende.link/5pwbntg
#aspnet #dotnet
Get a "free" boost by updating the package.
Learn more: duende.link/5pwbntg
#aspnet #dotnet
What is PAR in security lingo? 🤔
Pushed Authorization Requests is a standard that moves authorization parameters off the URL to a secure back channel. Protect PII, prevent tampering, and shorten URLs!
Read more: duende.link/ej2w3u
#dotnet #securitylingo
Pushed Authorization Requests is a standard that moves authorization parameters off the URL to a secure back channel. Protect PII, prevent tampering, and shorten URLs!
Read more: duende.link/ej2w3u
#dotnet #securitylingo
Security Lingo Explained: PAR
Pushed Authorization Requests (PAR) is an OAuth standard that enhances the security of OAuth and OpenID Connect flows by moving authorization parameters from the front channel to the back channel,…
duende.link
February 9, 2026 at 5:30 PM
What is PAR in security lingo? 🤔
Pushed Authorization Requests is a standard that moves authorization parameters off the URL to a secure back channel. Protect PII, prevent tampering, and shorten URLs!
Read more: duende.link/ej2w3u
#dotnet #securitylingo
Pushed Authorization Requests is a standard that moves authorization parameters off the URL to a secure back channel. Protect PII, prevent tampering, and shorten URLs!
Read more: duende.link/ej2w3u
#dotnet #securitylingo
Join us as we continue our journey through essential security-related HTTP headers! In this video, we look at Referrer-Policy, a crucial header that gives you control over what information is sent in the Referer header.
youtu.be/ez77PZb9wfU #dotnet #SecurityTips #aspnetcore
youtu.be/ez77PZb9wfU #dotnet #SecurityTips #aspnetcore
February 9, 2026 at 1:01 PM
Join us as we continue our journey through essential security-related HTTP headers! In this video, we look at Referrer-Policy, a crucial header that gives you control over what information is sent in the Referer header.
youtu.be/ez77PZb9wfU #dotnet #SecurityTips #aspnetcore
youtu.be/ez77PZb9wfU #dotnet #SecurityTips #aspnetcore
Your best defense is collective knowledge. The Insiders' community acts as a radar for emerging .NET security and identity trends. Don't wait for the blog post; define best practices with us today.
Apply: duende.link/insiders
#aspnet #dotnet
Apply: duende.link/insiders
#aspnet #dotnet
Duende Product Insiders
We invite you to join a deeply technical, standards-driven community to help shape the future of .NET security and identity.
duende.link
February 9, 2026 at 7:00 AM
Your best defense is collective knowledge. The Insiders' community acts as a radar for emerging .NET security and identity trends. Don't wait for the blog post; define best practices with us today.
Apply: duende.link/insiders
#aspnet #dotnet
Apply: duende.link/insiders
#aspnet #dotnet
Standards evolve because people participate. Insiders help shape the roadmap. When we prototype new features, we ask the community how they fit real-world architectures.
Learn More ➡️ youtube.com/shorts/TJBk1...
#aspnet #aspnetcore #dotnet
Learn More ➡️ youtube.com/shorts/TJBk1...
#aspnet #aspnetcore #dotnet
Duende Product Insiders #dotnet #aspnet #aspnetcore
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide.
Apply: duende.link/insiders
youtube.com
February 6, 2026 at 6:03 PM
Standards evolve because people participate. Insiders help shape the roadmap. When we prototype new features, we ask the community how they fit real-world architectures.
Learn More ➡️ youtube.com/shorts/TJBk1...
#aspnet #aspnetcore #dotnet
Learn More ➡️ youtube.com/shorts/TJBk1...
#aspnet #aspnetcore #dotnet
.NET 10 brings massive performance gains. IdentityServer leverages these immediately, showing reduced allocation rates in the token validation path.
Read more ➡️ duende.link/5pwbntg
#aspnet #dotnet
Read more ➡️ duende.link/5pwbntg
#aspnet #dotnet
Duende IdentityServer v7.4 is now available
Duende IdentityServer v7.4 is here! Full compatibility with .NET 10 LTS, plus a standards-based foundation for agentic AI systems and MCP.
duende.link
February 6, 2026 at 3:01 PM
.NET 10 brings massive performance gains. IdentityServer leverages these immediately, showing reduced allocation rates in the token validation path.
Read more ➡️ duende.link/5pwbntg
#aspnet #dotnet
Read more ➡️ duende.link/5pwbntg
#aspnet #dotnet
Identity is hard. Building it alone is harder. 🤝
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Learn More: youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Learn More: youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
Duende Product Insiders Program #dotnet #aspnet #aspnetcore
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Apply: duende.link/insiders
youtube.com
February 6, 2026 at 2:03 PM
Identity is hard. Building it alone is harder. 🤝
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Learn More: youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Learn More: youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
Tired of watching your AI agents run around with manual client secrets? We’ve baked in RFC 8414 so your MCP servers can use proper DCR. No more duct tape. 🔐 Build standards-based, secure AI systems. #DontBeThatGuy #Standards #Identity
duende.link/wy4w32f
duende.link/wy4w32f
Scaling with Duende IdentityServer, MCP, and AI
Learn to leverage the Model Context Protocol (MCP) to securely scale AI agents and mitigate LLM errors with existing systems using Duende IdentityServer.
duende.link
February 6, 2026 at 7:01 AM
Tired of watching your AI agents run around with manual client secrets? We’ve baked in RFC 8414 so your MCP servers can use proper DCR. No more duct tape. 🔐 Build standards-based, secure AI systems. #DontBeThatGuy #Standards #Identity
duende.link/wy4w32f
duende.link/wy4w32f
SaaS providers are black boxes. Duende gives you full source access. Step-through to understand exactly how it all works.
Learn More: duende.link/2swrhhw
#aspnet #aspnetcore #dotnet
Learn More: duende.link/2swrhhw
#aspnet #aspnetcore #dotnet
Duende IdentityServer
The most flexible and standards-compliant OpenID Connect and OAuth framework for ASP.NET Core.
duende.link
February 5, 2026 at 5:01 PM
SaaS providers are black boxes. Duende gives you full source access. Step-through to understand exactly how it all works.
Learn More: duende.link/2swrhhw
#aspnet #aspnetcore #dotnet
Learn More: duende.link/2swrhhw
#aspnet #aspnetcore #dotnet
Cookies are essential for web applications, but did you know they can be vulnerable to JavaScript attacks? In this video, we look at the HttpOnly flag and show you how to protect your cookies from malicious JavaScript access!
youtu.be/ZMDBX9T8Z7o
#WebSecurity #ASPNETCore #SecurityTips #dotnet
youtu.be/ZMDBX9T8Z7o
#WebSecurity #ASPNETCore #SecurityTips #dotnet
February 5, 2026 at 2:35 PM
Cookies are essential for web applications, but did you know they can be vulnerable to JavaScript attacks? In this video, we look at the HttpOnly flag and show you how to protect your cookies from malicious JavaScript access!
youtu.be/ZMDBX9T8Z7o
#WebSecurity #ASPNETCore #SecurityTips #dotnet
youtu.be/ZMDBX9T8Z7o
#WebSecurity #ASPNETCore #SecurityTips #dotnet
Security you can’t prove isn’t security, it’s hope.
Stop relying on manual checks. We’re showing you how to automate your security testing to ensure your API only accepts your trusted tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
Stop relying on manual checks. We’re showing you how to automate your security testing to ensure your API only accepts your trusted tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
Livestream: Are your access tokens really secure?
Are your APIs vulnerable? Explore JWT pitfalls, learn to prevent exploits, and compare JWTs vs. opaque tokens in this expert-led session.
duende.link
February 5, 2026 at 2:00 PM
Security you can’t prove isn’t security, it’s hope.
Stop relying on manual checks. We’re showing you how to automate your security testing to ensure your API only accepts your trusted tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
Stop relying on manual checks. We’re showing you how to automate your security testing to ensure your API only accepts your trusted tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
Standards evolve because people participate. Insiders help shape the roadmap. When we prototype new features, we ask the community how they fit real-world architectures.
Apply: duende.link/insiders
#aspnet #dotnet
Apply: duende.link/insiders
#aspnet #dotnet
Duende Product Insiders
We invite you to join a deeply technical, standards-driven community to help shape the future of .NET security and identity.
duende.link
February 4, 2026 at 9:00 PM
Standards evolve because people participate. Insiders help shape the roadmap. When we prototype new features, we ask the community how they fit real-world architectures.
Apply: duende.link/insiders
#aspnet #dotnet
Apply: duende.link/insiders
#aspnet #dotnet
Don't let AI hallucinate credentials. Custom registration hacks are out; standards are in. Duende v7.4 uses RFC 8414 to give MCP clients reliable metadata. Use DCR the way it was meant to be used. Stop guessing, start conforming. It’s easier and safer. 🛡️
Scaling with Duende IdentityServer, MCP, and AI
Learn to leverage the Model Context Protocol (MCP) to securely scale AI agents and mitigate LLM errors with existing systems using Duende IdentityServer.
duende.link
February 4, 2026 at 6:04 PM
Don't let AI hallucinate credentials. Custom registration hacks are out; standards are in. Duende v7.4 uses RFC 8414 to give MCP clients reliable metadata. Use DCR the way it was meant to be used. Stop guessing, start conforming. It’s easier and safer. 🛡️