Duende Software
@duendesoftware.com
Duende Software. Makers of Duende IdentityServer and the BFF security framework. https://duendesoftware.com https://youtube.com/@duendesoftware
.NET 10 performance benefits everyone. By optimizing IdentityServer for the new runtime, we pass those gains down to every application that relies on us.
Reduced CPU cycles in auth mean lower cloud bills for the entire community.
Learn More: duende.link/is74b0b
#dotnet #aspnet #aspnetcore
Reduced CPU cycles in auth mean lower cloud bills for the entire community.
Learn More: duende.link/is74b0b
#dotnet #aspnet #aspnetcore
Duende IdentityServer v7.4 is now available
Duende IdentityServer v7.4 is here! Full compatibility with .NET 10 LTS, plus a standards-based foundation for agentic AI systems and MCP.
duende.link
February 12, 2026 at 12:30 AM
.NET 10 performance benefits everyone. By optimizing IdentityServer for the new runtime, we pass those gains down to every application that relies on us.
Reduced CPU cycles in auth mean lower cloud bills for the entire community.
Learn More: duende.link/is74b0b
#dotnet #aspnet #aspnetcore
Reduced CPU cycles in auth mean lower cloud bills for the entire community.
Learn More: duende.link/is74b0b
#dotnet #aspnet #aspnetcore
What does the security acronym "OP" stand for? 🤔
Learn what "OpenID Connect Provider" means in the world of security specifications and authorization servers.
duende.link/7642naa
#dotnet #securitylingo
Learn what "OpenID Connect Provider" means in the world of security specifications and authorization servers.
duende.link/7642naa
#dotnet #securitylingo
Security Lingo Explained: OP
Learn what OpenID Connect Provider means in the world of security specifications and authorization servers.
duende.link
February 11, 2026 at 7:15 PM
What does the security acronym "OP" stand for? 🤔
Learn what "OpenID Connect Provider" means in the world of security specifications and authorization servers.
duende.link/7642naa
#dotnet #securitylingo
Learn what "OpenID Connect Provider" means in the world of security specifications and authorization servers.
duende.link/7642naa
#dotnet #securitylingo
Duende v7.4 is the identity standard for the AI era. It's RFC 8414 + DCR completion, making your IdentityServer the secure gateway for MCP Servers and Agentic AI. Use standards to secure the future. #DuendeV74 #StandardsAreTheKey #AI #dotnet
duende.link/wy4w32f
duende.link/wy4w32f
Scaling with Duende IdentityServer, MCP, and AI
Learn to leverage the Model Context Protocol (MCP) to securely scale AI agents and mitigate LLM errors with existing systems using Duende IdentityServer.
duende.link
February 11, 2026 at 3:04 PM
Duende v7.4 is the identity standard for the AI era. It's RFC 8414 + DCR completion, making your IdentityServer the secure gateway for MCP Servers and Agentic AI. Use standards to secure the future. #DuendeV74 #StandardsAreTheKey #AI #dotnet
duende.link/wy4w32f
duende.link/wy4w32f
Cookies are essential for web applications, but did you know they can be vulnerable to JavaScript attacks? In this video, we look at the HttpOnly flag and show you how to protect your cookies from malicious JavaScript access!
youtu.be/ZMDBX9T8Z7o
#SecurityTips #dotnet
youtu.be/ZMDBX9T8Z7o
#SecurityTips #dotnet
HttpOnly Cookies with IdentityServer
Cookies are essential for web applications, but did you know they can be vulnerable to JavaScript attacks? In this video, we look at the HttpOnly flag and show you how to protect your cookies from…
youtu.be
February 11, 2026 at 8:45 AM
Cookies are essential for web applications, but did you know they can be vulnerable to JavaScript attacks? In this video, we look at the HttpOnly flag and show you how to protect your cookies from malicious JavaScript access!
youtu.be/ZMDBX9T8Z7o
#SecurityTips #dotnet
youtu.be/ZMDBX9T8Z7o
#SecurityTips #dotnet
In this video, we look deeper into critical security-related HTTP headers that can significantly strengthen your website's defenses. Expect X-Content-Type-Options, Referrer-Policy:, X-FRAME-OPTIONS, Content Security Policy (CSP), ...
youtu.be/OztgrdMQG94 #dotnet #aspnetcore #SecurityTips
youtu.be/OztgrdMQG94 #dotnet #aspnetcore #SecurityTips
MORE Essential HTTP Headers
In this video, we look deeper into critical security-related HTTP headers that can significantly strengthen your website's defenses.
What you'll learn in this video:
* X-Content-Type-Options:…
youtu.be
February 10, 2026 at 9:30 PM
In this video, we look deeper into critical security-related HTTP headers that can significantly strengthen your website's defenses. Expect X-Content-Type-Options, Referrer-Policy:, X-FRAME-OPTIONS, Content Security Policy (CSP), ...
youtu.be/OztgrdMQG94 #dotnet #aspnetcore #SecurityTips
youtu.be/OztgrdMQG94 #dotnet #aspnetcore #SecurityTips
No more overprivileged access tokens? 🔑
Implement strict trust boundaries in your APIs with resource isolation (#OAuth RFC 8707).
Learn how to configure it in Duende IdentityServer: duende.link/87qt2j
#dotnet
Implement strict trust boundaries in your APIs with resource isolation (#OAuth RFC 8707).
Learn how to configure it in Duende IdentityServer: duende.link/87qt2j
#dotnet
Implementing Zero Trust with Resource Isolation
Learn how to enforce strict trust boundaries between your APIs and prevent overprivileged access tokens by adopting Resource Isolation, based on OAuth 2.0's RFC 8707, with Duende IdentityServer.
duende.link
February 10, 2026 at 6:00 PM
No more overprivileged access tokens? 🔑
Implement strict trust boundaries in your APIs with resource isolation (#OAuth RFC 8707).
Learn how to configure it in Duende IdentityServer: duende.link/87qt2j
#dotnet
Implement strict trust boundaries in your APIs with resource isolation (#OAuth RFC 8707).
Learn how to configure it in Duende IdentityServer: duende.link/87qt2j
#dotnet
Should you blindly trust JWTs for accessing APIs? 😟
You’ve got OAuth 2.0 and JWTs, but a single misconfiguration in your library can leave you wide open. Join Wesley to see why "standard" validation isn't always enough.
🔗 Be there on March 3rd: duende.link/lsjwt26
#OAuth2 #DotNet #JWT
You’ve got OAuth 2.0 and JWTs, but a single misconfiguration in your library can leave you wide open. Join Wesley to see why "standard" validation isn't always enough.
🔗 Be there on March 3rd: duende.link/lsjwt26
#OAuth2 #DotNet #JWT
February 10, 2026 at 7:00 AM
Should you blindly trust JWTs for accessing APIs? 😟
You’ve got OAuth 2.0 and JWTs, but a single misconfiguration in your library can leave you wide open. Join Wesley to see why "standard" validation isn't always enough.
🔗 Be there on March 3rd: duende.link/lsjwt26
#OAuth2 #DotNet #JWT
You’ve got OAuth 2.0 and JWTs, but a single misconfiguration in your library can leave you wide open. Join Wesley to see why "standard" validation isn't always enough.
🔗 Be there on March 3rd: duende.link/lsjwt26
#OAuth2 #DotNet #JWT
The best optimization is the one you don't write. Upgrading to .NET 10 delivers throughput gains purely through runtime improvements.
Get a "free" boost by updating the package.
Learn more: duende.link/5pwbntg
#aspnet #dotnet
Get a "free" boost by updating the package.
Learn more: duende.link/5pwbntg
#aspnet #dotnet
Duende IdentityServer v7.4 is now available
Duende IdentityServer v7.4 is here! Full compatibility with .NET 10 LTS, plus a standards-based foundation for agentic AI systems and MCP.
duende.link
February 9, 2026 at 7:02 PM
The best optimization is the one you don't write. Upgrading to .NET 10 delivers throughput gains purely through runtime improvements.
Get a "free" boost by updating the package.
Learn more: duende.link/5pwbntg
#aspnet #dotnet
Get a "free" boost by updating the package.
Learn more: duende.link/5pwbntg
#aspnet #dotnet
What is PAR in security lingo? 🤔
Pushed Authorization Requests is a standard that moves authorization parameters off the URL to a secure back channel. Protect PII, prevent tampering, and shorten URLs!
Read more: duende.link/ej2w3u
#dotnet #securitylingo
Pushed Authorization Requests is a standard that moves authorization parameters off the URL to a secure back channel. Protect PII, prevent tampering, and shorten URLs!
Read more: duende.link/ej2w3u
#dotnet #securitylingo
Security Lingo Explained: PAR
Pushed Authorization Requests (PAR) is an OAuth standard that enhances the security of OAuth and OpenID Connect flows by moving authorization parameters from the front channel to the back channel,…
duende.link
February 9, 2026 at 5:30 PM
What is PAR in security lingo? 🤔
Pushed Authorization Requests is a standard that moves authorization parameters off the URL to a secure back channel. Protect PII, prevent tampering, and shorten URLs!
Read more: duende.link/ej2w3u
#dotnet #securitylingo
Pushed Authorization Requests is a standard that moves authorization parameters off the URL to a secure back channel. Protect PII, prevent tampering, and shorten URLs!
Read more: duende.link/ej2w3u
#dotnet #securitylingo
Join us as we continue our journey through essential security-related HTTP headers! In this video, we look at Referrer-Policy, a crucial header that gives you control over what information is sent in the Referer header.
youtu.be/ez77PZb9wfU #dotnet #SecurityTips #aspnetcore
youtu.be/ez77PZb9wfU #dotnet #SecurityTips #aspnetcore
February 9, 2026 at 1:01 PM
Join us as we continue our journey through essential security-related HTTP headers! In this video, we look at Referrer-Policy, a crucial header that gives you control over what information is sent in the Referer header.
youtu.be/ez77PZb9wfU #dotnet #SecurityTips #aspnetcore
youtu.be/ez77PZb9wfU #dotnet #SecurityTips #aspnetcore
Your best defense is collective knowledge. The Insiders' community acts as a radar for emerging .NET security and identity trends. Don't wait for the blog post; define best practices with us today.
Apply: duende.link/insiders
#aspnet #dotnet
Apply: duende.link/insiders
#aspnet #dotnet
Duende Product Insiders
We invite you to join a deeply technical, standards-driven community to help shape the future of .NET security and identity.
duende.link
February 9, 2026 at 7:00 AM
Your best defense is collective knowledge. The Insiders' community acts as a radar for emerging .NET security and identity trends. Don't wait for the blog post; define best practices with us today.
Apply: duende.link/insiders
#aspnet #dotnet
Apply: duende.link/insiders
#aspnet #dotnet
Standards evolve because people participate. Insiders help shape the roadmap. When we prototype new features, we ask the community how they fit real-world architectures.
Learn More ➡️ youtube.com/shorts/TJBk1...
#aspnet #aspnetcore #dotnet
Learn More ➡️ youtube.com/shorts/TJBk1...
#aspnet #aspnetcore #dotnet
Duende Product Insiders #dotnet #aspnet #aspnetcore
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide.
Apply: duende.link/insiders
youtube.com
February 6, 2026 at 6:03 PM
Standards evolve because people participate. Insiders help shape the roadmap. When we prototype new features, we ask the community how they fit real-world architectures.
Learn More ➡️ youtube.com/shorts/TJBk1...
#aspnet #aspnetcore #dotnet
Learn More ➡️ youtube.com/shorts/TJBk1...
#aspnet #aspnetcore #dotnet
.NET 10 brings massive performance gains. IdentityServer leverages these immediately, showing reduced allocation rates in the token validation path.
Read more ➡️ duende.link/5pwbntg
#aspnet #dotnet
Read more ➡️ duende.link/5pwbntg
#aspnet #dotnet
Duende IdentityServer v7.4 is now available
Duende IdentityServer v7.4 is here! Full compatibility with .NET 10 LTS, plus a standards-based foundation for agentic AI systems and MCP.
duende.link
February 6, 2026 at 3:01 PM
.NET 10 brings massive performance gains. IdentityServer leverages these immediately, showing reduced allocation rates in the token validation path.
Read more ➡️ duende.link/5pwbntg
#aspnet #dotnet
Read more ➡️ duende.link/5pwbntg
#aspnet #dotnet
Identity is hard. Building it alone is harder. 🤝
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Learn More: youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Learn More: youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
Duende Product Insiders Program #dotnet #aspnet #aspnetcore
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Apply: duende.link/insiders
youtube.com
February 6, 2026 at 2:03 PM
Identity is hard. Building it alone is harder. 🤝
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Learn More: youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Learn More: youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
Tired of watching your AI agents run around with manual client secrets? We’ve baked in RFC 8414 so your MCP servers can use proper DCR. No more duct tape. 🔐 Build standards-based, secure AI systems. #DontBeThatGuy #Standards #Identity
duende.link/wy4w32f
duende.link/wy4w32f
Scaling with Duende IdentityServer, MCP, and AI
Learn to leverage the Model Context Protocol (MCP) to securely scale AI agents and mitigate LLM errors with existing systems using Duende IdentityServer.
duende.link
February 6, 2026 at 7:01 AM
Tired of watching your AI agents run around with manual client secrets? We’ve baked in RFC 8414 so your MCP servers can use proper DCR. No more duct tape. 🔐 Build standards-based, secure AI systems. #DontBeThatGuy #Standards #Identity
duende.link/wy4w32f
duende.link/wy4w32f
SaaS providers are black boxes. Duende gives you full source access. Step-through to understand exactly how it all works.
Learn More: duende.link/2swrhhw
#aspnet #aspnetcore #dotnet
Learn More: duende.link/2swrhhw
#aspnet #aspnetcore #dotnet
Duende IdentityServer
The most flexible and standards-compliant OpenID Connect and OAuth framework for ASP.NET Core.
duende.link
February 5, 2026 at 5:01 PM
SaaS providers are black boxes. Duende gives you full source access. Step-through to understand exactly how it all works.
Learn More: duende.link/2swrhhw
#aspnet #aspnetcore #dotnet
Learn More: duende.link/2swrhhw
#aspnet #aspnetcore #dotnet
Cookies are essential for web applications, but did you know they can be vulnerable to JavaScript attacks? In this video, we look at the HttpOnly flag and show you how to protect your cookies from malicious JavaScript access!
youtu.be/ZMDBX9T8Z7o
#WebSecurity #ASPNETCore #SecurityTips #dotnet
youtu.be/ZMDBX9T8Z7o
#WebSecurity #ASPNETCore #SecurityTips #dotnet
February 5, 2026 at 2:35 PM
Cookies are essential for web applications, but did you know they can be vulnerable to JavaScript attacks? In this video, we look at the HttpOnly flag and show you how to protect your cookies from malicious JavaScript access!
youtu.be/ZMDBX9T8Z7o
#WebSecurity #ASPNETCore #SecurityTips #dotnet
youtu.be/ZMDBX9T8Z7o
#WebSecurity #ASPNETCore #SecurityTips #dotnet
Security you can’t prove isn’t security, it’s hope.
Stop relying on manual checks. We’re showing you how to automate your security testing to ensure your API only accepts your trusted tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
Stop relying on manual checks. We’re showing you how to automate your security testing to ensure your API only accepts your trusted tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
Livestream: Are your access tokens really secure?
Are your APIs vulnerable? Explore JWT pitfalls, learn to prevent exploits, and compare JWTs vs. opaque tokens in this expert-led session.
duende.link
February 5, 2026 at 2:00 PM
Security you can’t prove isn’t security, it’s hope.
Stop relying on manual checks. We’re showing you how to automate your security testing to ensure your API only accepts your trusted tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
Stop relying on manual checks. We’re showing you how to automate your security testing to ensure your API only accepts your trusted tokens.
🔗 March 3rd. Be there: duende.link/lsjwt26b
#OAuth2 #JWT #DotNet
Standards evolve because people participate. Insiders help shape the roadmap. When we prototype new features, we ask the community how they fit real-world architectures.
Apply: duende.link/insiders
#aspnet #dotnet
Apply: duende.link/insiders
#aspnet #dotnet
Duende Product Insiders
We invite you to join a deeply technical, standards-driven community to help shape the future of .NET security and identity.
duende.link
February 4, 2026 at 9:00 PM
Standards evolve because people participate. Insiders help shape the roadmap. When we prototype new features, we ask the community how they fit real-world architectures.
Apply: duende.link/insiders
#aspnet #dotnet
Apply: duende.link/insiders
#aspnet #dotnet
Don't let AI hallucinate credentials. Custom registration hacks are out; standards are in. Duende v7.4 uses RFC 8414 to give MCP clients reliable metadata. Use DCR the way it was meant to be used. Stop guessing, start conforming. It’s easier and safer. 🛡️
Scaling with Duende IdentityServer, MCP, and AI
Learn to leverage the Model Context Protocol (MCP) to securely scale AI agents and mitigate LLM errors with existing systems using Duende IdentityServer.
duende.link
February 4, 2026 at 6:04 PM
Don't let AI hallucinate credentials. Custom registration hacks are out; standards are in. Duende v7.4 uses RFC 8414 to give MCP clients reliable metadata. Use DCR the way it was meant to be used. Stop guessing, start conforming. It’s easier and safer. 🛡️
The best solution architects do not work in isolation. They validate their ideas with peers and experts. Join the conversation and validate your designs with the best in the industry.
➡️ youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
➡️ youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
Duende Product Insiders Program #dotnet #aspnet #aspnetcore
Join our private Insiders Discord to talk BFF, Passkeys, and OpenTelemetry with the Duende team and senior devs worldwide. A no-fluff zone for mission-critical systems.
Apply: duende.link/insiders
youtube.com
February 4, 2026 at 4:02 PM
The best solution architects do not work in isolation. They validate their ideas with peers and experts. Join the conversation and validate your designs with the best in the industry.
➡️ youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
➡️ youtube.com/shorts/nTnaq...
#aspnet #aspnetcore #dotnet
Expand your security lingo with our latest article on JWT (JSON Web Token), pronounced "jot"! 🍪
Learn what a JWT is, and its role in OAuth 2.0/OpenID Connect: duende.link/q2nage
#dotnet #securitylingo
Learn what a JWT is, and its role in OAuth 2.0/OpenID Connect: duende.link/q2nage
#dotnet #securitylingo
Security Lingo Explained: JWT
JWT (JSON Web Token) is an internet standard data format and an essential element of OAuth 2.0 and OpenID Connect.
duende.link
February 4, 2026 at 1:02 PM
Expand your security lingo with our latest article on JWT (JSON Web Token), pronounced "jot"! 🍪
Learn what a JWT is, and its role in OAuth 2.0/OpenID Connect: duende.link/q2nage
#dotnet #securitylingo
Learn what a JWT is, and its role in OAuth 2.0/OpenID Connect: duende.link/q2nage
#dotnet #securitylingo
Duende Software's latest Open Source Sponsorship goes to #BenchmarkDotNet! 🚀
It's a great project to help analyze (and maintain) performance of #dotnet code.
Check out the full post for details on the project: duende.link/o55bmd
It's a great project to help analyze (and maintain) performance of #dotnet code.
Check out the full post for details on the project: duende.link/o55bmd
BenchmarkDotNet - Open Source Sponsorship
Duende Software's latest Open Source Sponsorship goes to BenchmarkDotNet, a benchmarking library for .NET.
duende.link
February 4, 2026 at 9:01 AM
Duende Software's latest Open Source Sponsorship goes to #BenchmarkDotNet! 🚀
It's a great project to help analyze (and maintain) performance of #dotnet code.
Check out the full post for details on the project: duende.link/o55bmd
It's a great project to help analyze (and maintain) performance of #dotnet code.
Check out the full post for details on the project: duende.link/o55bmd
Why worry about stolen tokens when you can make them sender-constrained? 🛡️
DPoP adds a layer of protection by binding tokens to the client. Our JwtBearer Extensions v1.0 for .NET makes it easy to upgrade your API security.
Level up: duende.link/8q4jba
DPoP adds a layer of protection by binding tokens to the client. Our JwtBearer Extensions v1.0 for .NET makes it easy to upgrade your API security.
Level up: duende.link/8q4jba
DPoP Security for .NET APIs with JwtBearer Extensions v1.0.0
Announcing version 1.0 of the Duende.AspNetCore.Authentication.JwtBearer Extensions package for implementing Demonstrating Proof-of-Possession (DPoP) in .NET APIs, protecting against stolen access…
duende.link
February 3, 2026 at 7:30 PM
Why worry about stolen tokens when you can make them sender-constrained? 🛡️
DPoP adds a layer of protection by binding tokens to the client. Our JwtBearer Extensions v1.0 for .NET makes it easy to upgrade your API security.
Level up: duende.link/8q4jba
DPoP adds a layer of protection by binding tokens to the client. Our JwtBearer Extensions v1.0 for .NET makes it easy to upgrade your API security.
Level up: duende.link/8q4jba
Is an unsupported IS4 holding you back?
Meet the IS4 Migration Analysis Tool; a simple controller to map out your move to .NET 10 LTS. 🛠️
💰 Save 10% on licensing fees if you secure your spot by May 1.
Get started: docs.duendesoftware.com/identityserv...
Meet the IS4 Migration Analysis Tool; a simple controller to map out your move to .NET 10 LTS. 🛠️
💰 Save 10% on licensing fees if you secure your spot by May 1.
Get started: docs.duendesoftware.com/identityserv...
IdentityServer4 to Duende IdentityServer - Migration Analysis Tool
To help assist in planning the migration of an IdentityServer4 implementation to Duende IdentityServer, we provide a utility that analyzes the current configuration of your current IdentityServer4.…
docs.duendesoftware.com
February 3, 2026 at 5:15 PM
Is an unsupported IS4 holding you back?
Meet the IS4 Migration Analysis Tool; a simple controller to map out your move to .NET 10 LTS. 🛠️
💰 Save 10% on licensing fees if you secure your spot by May 1.
Get started: docs.duendesoftware.com/identityserv...
Meet the IS4 Migration Analysis Tool; a simple controller to map out your move to .NET 10 LTS. 🛠️
💰 Save 10% on licensing fees if you secure your spot by May 1.
Get started: docs.duendesoftware.com/identityserv...