Duende Blog

The software development space has creatively coined some memorable statements over the years, from “speed is a feature”, “memory is cheap”, and “always blame the new guy”. All these statements have one thing in common: as developers, we should do our best to baseline our assumptions and verify the truth. In the spirit of building the best software we possibly can by focusing on the fine details, we are happy to announce that this quarter's Duende Open Source Sponsorship goes to BenchmarkDotNet.

In our fourth sponsorship, the team at Duende has chosen BenchmarkDotNet as the next open-source recipient of our ongoing commitment to supporting projects that empower individuals, teams, communities, and organizations.

Now let’s see what BenchmarkDotNet is all about.

The security space can be a strange and confusing place for newcomers. In this series of posts, we aim to shed light on the security lingo you may encounter when reading the latest security specifications and scanning your favorite Duende documentation. By the end of this post, you’ll have added one more security phrase to your growing lexicon of security jargon with which to impress your fellow security professionals.

Today’s security lingo is PAR, so let’s discuss what the acronym stands for and where you can see and hear it used.

In the world of OpenID Connect and OAuth 2.0, signing keys are the foundation of trust. They ensure that tokens issued by your identity provider (IdP) are authentic and haven't been tampered with. Managing these keys properly, whether manual or automatically, is an important aspect of running a secure IdentityServer implementation.

This post explores the technical rationale behind key rotation, how Duende IdentityServer handles it, and best practices for implementing production-grade identity solutions.

The security space can be a strange and confusing place for newcomers. In this series of posts, we aim to shed light on the security lingo you may encounter when reading the latest security specifications and scanning your favorite Duende documentation. By the end of this post, you’ll have added one more security phrase to your growing lexicon of security jargon with which to impress your fellow security professionals.

Today’s security lingo is OP, so let’s discuss what the acronym stands for and where you can see and hear it used.

As we close 2025, we look back on an exceptional year marked by dedication, innovation, and an unwavering commitment to our community. What follows details the remarkable technical achievements of our engineering teams, who delivered over 1,042 merged pull requests in our core products repository and 173 in our FOSS projects. These numbers represent thousands of hours spent coding, reviewing, testing, and ultimately, shipping best-in-class security software.

Our engineers not only pushed the boundaries of our products—achieving major milestones like the FAPI 2.0 Profile Certification for IdentityServer 7.3.0, the architectural leap of Backend for Frontend (BFF) 4.0.0 GA with its multi-frontend support, and the complete internal reimagination of Duende.AccessTokenManagement 4.0.0—but also ensured we remained future-proof with immediate .NET 10 Support across our major releases.

However, a year of success is built on more than just code. This review celebrates the collective hard work of every Duende employee. Our Sales Teams worked tirelessly to bring our enterprise-grade security solutions to new markets and clients. Our Marketing Team ensured that the value of our commitment to standards and developer experience resonated clearly, amplifying our message of security and compliance to a global audience. And, critically, our Customer Success Team was on the front lines, translating complex technical challenges into real-world solutions, fostering the strong trust our clients place in us.

Together, these efforts have resulted in a powerful, positive impact on both the Duende customer base and the broader .NET community.

The security space can be a strange and confusing place for newcomers. In this series of posts, we aim to shed light on the security lingo you may encounter when reading the latest security specifications and scanning your favorite Duende documentation. By the end of this post, you’ll have added one more security phrase to your growing lexicon of security jargon with which to impress your fellow security professionals.

Today’s security lingo is BCP, so let’s discuss what the acronym stands for and where you can see and hear it used.

The security space can be a strange and confusing place for newcomers. In this series of posts, we aim to shed light on the security lingo you may encounter when reading the latest security specifications and scanning your favorite Duende documentation. By the end of this post, you’ll have added one more security phrase to your growing lexicon of security jargon with which to impress your fellow security professionals.

Today’s security lingo is DPoP, so let’s discuss what the acronym stands for and where you can see and hear it used.

The security space can be a strange and confusing place for newcomers. In this series of posts, we aim to shed light on the security lingo you may encounter when reading the latest security specifications and scanning your favorite Duende documentation. By the end of this post, you’ll have added one more security phrase to your growing lexicon of security jargon with which to impress your fellow security professionals.

Today’s security lingo is Auth, so let’s discuss what the word stands for and where you can see and hear it used.

Development teams look very different from teams 20 years ago, heck, even 5 years ago. Here at Duende, we have developed with .NET since its inception, and we know many of you have as well. The technology has been foundational for building solutions for decades now. Still, in our time, we’ve seen organizations also begin to evolve, adopting new technology, deploying to new devices, and delivering new user experiences. To say we, as a professional industry, have come a long way would be an understatement.

The umbrella term “development” now sees teams adopting practices in frontend, backend, operations, database management, and many other areas. Professionals’ skills and discipline coalesce to deliver outcomes that bring joy to stakeholders and, most importantly, users. While your users may experience positive emotions using software you’ve developed, quietly in the background, the unsung hero of security ensures they do so in a safe and secure environment.

Let’s examine why now is an excellent time to consider Backend for Frontend (BFF) when building new solutions or modernizing existing ones.

Today, we are proud to announce Duende IdentityServer v7.4. This is an important release that’s been built for .NET 10 Long-Term Support (LTS) and adds support for standards that are important for Agentic AI systems and the Model Context Protocol (MCP).

Duende IdentityServer remains the flexible, standards-compliant SDK for OpenID Connect and OAuth 2.0. With v7.4, we’re focused on .NET 10 upgrades that prioritize stability, safety, and long-term commitment. We’re also helping our users navigate the uncertainty of the AI boom with predictable, protocol-driven security. Plus, we’ve started a new community with an avenue for direct, technical collaboration - Duende Product Insiders.