-
Reusing Refresh Tokens By Default
Historically, IdentityServer could either issue reusable refresh tokens or enforce refresh token rotation. The default value was "rotate" which can often lead to problems. In IdentityServer 7.0, we made the decision to change the default behavior of refresh tokens so that they would be reusable by default. In this blog post, we'll describe refresh tokens and their security in detail and explain why we made this choice.
-
Duende IdentityServer v7 released
Pretty much exactly one year after the release of IdentityServer v6, we are happy to announce our next major version: IdentityServer v7.
-
Open Telemetry support in IdentityServer v7
OpenTelemetry is a collection of tools, APIs, and SDKs for generating and collecting telemetry data (metrics, logs, and traces). This is very useful for analyzing software performance and behavior, especially in highly distributed systems.
We started our journey with Traces in Duende IdentityServer v6.1. .NET 8 has full support for Open Telemetry and so does Duende IdentityServer v7. IdentityServer emits traces, metrics and logs.
-
DPoP support For Native and Mobile Applications
Implementing Proof of Possession tokens in native mobile applications with IdentityModel.OidcClient
