Good news! We are happy to share a new major version of the Duende Backend-for-Frontend (BFF) Security Framework V3 with you.

When building applications with SPA frameworks like React, Angular, VueJs or Blazor, Backend-For-Frontend (BFF) makes it easier and more secure to integrate and manage OAuth/OpenID Connect interactions.

In this post, let's explore what's new in Duende BFF v3.

What's new in BFF v3?

Since the release candidate version a few weeks ago, we have been hard at polishing existing and new functionality, samples and documentation.

To recap what's new:

• Support for .NET 8 and .NET 9
• Blazor support
• Several fixes and improvements
  • Bff YARP proxy improvements #1734 (many thanks to @ArturDorochowicz for bringing this issue to our attention and providing a solution direction)
  • AddAddEntityFrameworkServerSideSessionsServices in Duende.Bff.EntityFramework/Configuration/BffBuilderExtensions.cs #1695
  • Async GetUserClaims, GetManagementClaims #1702
  • Consolidating ClaimRecord and ClaimLite #1697
  • Prevent log warning when expected duplicate key constraint is violated. #1763
  • Signout on refresh token expire #1803
  • Bumped version of Duende.AccessTokenManagement to 3.2.0 #1804

To upgrade to BFF V3, bumping the NuGet package version should be sufficient if you rely on the default extension methods for wiring up the BFF in your applications. For more advanced scenarios, there are a few (breaking) changes to be aware of. See the release notes on GitHub and upgrade documentation for more details.

Updated documentation

The Backend-For-Frontend (BFF) documentation has a new home. We've restructured the documentation to make it easier to find information and learn about using the BFF pattern in your applications.