If you've used an AI coding assistant with Duende IdentityServer, you've probably noticed the responses sometimes veer off track. Ask how to configure refresh token rotation, wire up a federation gateway, or set up DPoP, and you'll get a response that's almost right. The general shape of correctness is there, but the ASP.NET Core and Duende-specific details are either missing or subtly wrong. Why is that? General-purpose models don't have deep expertise on identity protocols and Duende-specific configuration.
Identity is a domain where "close enough" isn't good enough. How do we solve this critical problem while helping you build secure solutions? We set out to build two complementary tools to close the gap: Duende Agent Skills and the Duende Documentation MCP Server.
Skills are static files that give your AI assistant structured domain knowledge: they help it know what to do. The MCP server is a local process that provides search and retrieval tools against our documentation, blog, and sample code. The MCP server helps the assistant look things up. You can use either or both. They're independent and complementary.
Agent Skills
Duende Agent Skills follow the open Agent Skills format. Each skill is a SKILL.md file covering a specific area of Duende-related identity and access management topics. When your AI assistant encounters an identity-related task, it will automatically attempt to load the relevant skill.
The areas where skills make the biggest difference, based on our benchmarks, are the deeply Duende-specific ones: UI flows (login, logout, consent, federation gateways), API protection (JWT bearer, reference tokens, scope-based authorization, proof-of-possession), and token management (refresh token rotation, DPoP, PAR, FAPI 2.0). These are the topics where general-purpose models struggle most, and where the skills close the largest gap. We benchmarked an average improvement of 28% (and up to 60%!) with Claude Opus 4.6, currently one of the most capable models.
The full library covers much more: IdentityServer hosting and configuration, ASP.NET Core authentication, Duende BFF, deployment and operations, testing with WebApplicationFactory, and specialized troubleshooting agents for IdentityServer and OAuth/OIDC. See the repository for the complete catalog and benchmark results.
Getting Started
For Claude Code (CLI), run these commands:
/plugin marketplace add DuendeSoftware/duende-skills
/plugin install duende-skills
For other tools, clone the repository and copy the skill folders into the path your AI coding assistant expects:
| AI Coding Assistant | Skills Path |
|---|---|
| GitHub Copilot | .github/skills/ |
| Claude Code | .claude/skills/ |
| OpenCode | ~/.config/opencode/skills/ |
| Cursor | .cursor/skills/ |
| Gemini CLI | .gemini/skills/ |
| Codex CLI | .codex/skills/ |
For example, to set up skills for GitHub Copilot:
git clone https://github.com/DuendeSoftware/duende-skills.git
mkdir -p .github/skills
cp -r duende-skills/skills/* .github/skills/
That's it. Once the folders are in place, your assistant typically discovers and loads them automatically. No further configuration needed. Try asking "Our JWT access tokens are currently set to 1 hour which is way too long. Apply security best practices.” If the skills are loaded, the response will reference Duende-specific client configuration instead of generic OAuth advice.
MCP Server
The Duende Documentation MCP Server implements the Model Context Protocol (MCP) to give AI coding assistants direct access to our docs, blog posts, and sample code. It runs locally and uses SQLite full-text search to index content from three sources:
- Documentation, parsed from our site's
llms.txt - Blog, indexed from the RSS feed at duendesoftware.com/blog
- Samples, downloaded from GitHub, including
.cs,.cshtml, and relevant.jsfiles
Your AI assistant gets several tools through the server: free-text search across all indexed content, fetching a specific documentation page, retrieving all code for a sample project, and pulling individual files from samples.
Getting Started
The MCP server is distributed via the dnx tool and requires the .NET 10 SDK on your machine.
Here's an example configuration for VS Code. Add this to .vscode/mcp.json:
{
"servers": {
"duende-mcp": {
"type": "stdio",
"command": "dnx",
"args": [
"Duende.Documentation.Mcp",
"--yes",
"--",
"--database", "/path/to/database.db"
],
"env": {}
}
}
}
Replace /path/to/database.db with where you want the SQLite index stored. On the first run, the server indexes everything in the background. Subsequent starts reuse the existing index and refresh incrementally.
Setup instructions for JetBrains Rider and Claude Code are in the MCP Server README.
Once registered, try asking something like "Can I add passkeys to Razor Pages? Use Duende." Adding "Use Duende" nudges the assistant to query the MCP server when the topic could match multiple sources.
Next Steps
Explore our AI Agent Tools documentation for a comprehensive guide covering both tools. We'd love to hear how these work for you, and whether you would like to see additional skills being added to the library.
Thanks for stopping by!
We hope this post helped you on your identity and security journey. If you need a hand with implementation, our docs are always open. For everything else, come hang out with the team and other developers on GitHub.
If you want to get early access to new features and products while collaborating with experts in security and identity standards, join us in our Duende Product Insiders program. And if you prefer your tech content in video form, our YouTube channel is the place to be. Don't forget to like and subscribe!
Questions? Comments? Just want to say hi? Leave a comment below and let's start a conversation.