Channel: leastprivilege.com
Browsing all 51 articles

Automatic Token Management for ASP.NET Core and Worker Services 1.0

After a pretty long preview period, I am happy to announce that IdentityModel.AspNetCore 1.0 is now on Nuget. This library solves a problem that we have with every single OIDC/OAuth client we are...


Updates on our Workshops

I am pleased to announce that we are now offering two workshops. I was mentioning that on Twitter already, and got a lot of questions. So I thought it would make sense to summarise them all in one...


The JWT Profile for OAuth 2.0 Access Tokens (and IdentityServer)

As part of creating our new Advanced OAuth training, I created a whole lecture on the evolution of access tokens and resource access. It’s fascinating – since the original OAuth 2.0 spec does not have...

I don’t like Identity Tokens

…or rather the name ;) I bet that if you wake up most “identity professionals” in the middle of the night and ask them what an identity token is, the answer would be “a token about the identity of the...

Resource Access in IdentityServer4 v4 and going forward

In my last post I alluded to the tension between real-world token-based security architectures, the OAuth 2.0 scope model, JWT access tokens and the audience claim. We went through a couple of...


Announcing IdentityServer4 v4.0

OK – it’s finally done. I published v4 to Nuget earlier today. You can find the complete set of changes/bug fixes/breaking changes here. We had to cut some features which were originally on our...

Refresh Tokens in IdentityServer4 v4

I already wrote about the hardening of refresh tokens in this post. I would recommend reading this first. The upcoming OAuth 2.1 spec is pretty clear about refresh token handling: If the client is...

Flexible Access Token Validation in ASP.NET Core

The ASP.NET Core authentication system went through a couple of iterations, and is pretty good now. For API scenarios, the typical choice is the JwtBearer authentication handler, which can validate...


The Future of IdentityServer

TL;DR: https://blog.duendesoftware.com/posts/20201001_helloduende/ Brock Allen and I have been working on the IdentityServer code-base for more than 10 years. In 2020 we will be making some important...


What’s going on?

I just realized that my last blog post was over half a year ago when we announced our new company Duende Software. So what happened in the last 6 months of my life? In short – a ton! We left our...

My next Step

Exactly four years after we started Duende, it’s time for the next chapter… https://blog.duendesoftware.com/posts/20240903_duende_next_chapter/
