# Duendesoftware > This is the full developer documentation for Duende Software Docs ## Pages - [Docs 4 Documentation](docs-4-documentation.md): ----- - [Duende Software
Docs](duende-softwarebr-docs.md): Get started building your .NET applications with IdentityServer, Backend-for-Frontend (BFF) and our open-source tools. - [404 Not Found](404-not-found.md): Page not found. Check the URL, try using the search bar, - [Access Token Management](access-token-management.md): The Duende.AccessTokenManagement library provides automatic access token management features for .NET applications - [Client Assertions](client-assertions.md): Learn how to use client assertions instead of shared secrets for token client authentication in Duende.AccessTokenMan... - [Customizing Client Credentials Token Management](customizing-client-credentials-token-management.md): Learn how to customize client credentials token management including client options, backchannel communication, and t... - [Demonstrating Proof-of-Possession (DPoP)](demonstrating-proof-of-possession-dpop.md): Demonstrating Proof-of-Possession is a security mechanism that binds access tokens to specific cryptographic keys to ... - [Extensibility](extensibility.md): Learn how to extend and customize Duende.AccessTokenManagement, including custom token retrieval. - [Customizing User Token Management](customizing-user-token-management.md): Learn how to customize user token management options, per-request parameters, and token storage mechanisms in ASP.NET... - [Blazor Server Access Token Management](blazor-server-access-token-management.md): Learn how to manage access tokens in Blazor Server applications and handle token storage and HTTP client usage with D... - [Duende AccessTokenManagement v3.x to v4.0](duende-accesstokenmanagement-v3x-to-v40.md): Guide for upgrading Duende.AccessTokenManagement from version 3.x to version 4.0, including migration steps for custo... - [Web Applications](web-applications.md): Learn how to manage access tokens in web applications, including setup, configuration, and usage with HTTP clients. - [Service Workers and Background Tasks](service-workers-and-background-tasks.md): Learn how to manage OAuth access tokens in worker applications and background tasks using Duende.AccessTokenManagement. - [Backend For Frontend (BFF) Security Framework](backend-for-frontend-bff-security-framework.md): A comprehensive security framework for securing browser-based frontends with ASP.NET Core backends - [The Duende BFF framework](the-duende-bff-framework.md): Duende.BFF is a library for building services that comply with the BFF pattern and solve security and identity proble... - [Architecture](architecture.md): Overview of BFF host architecture, including authentication, session management, and integration with ASP.NET Core co... - [Multi-frontend support](multi-frontend-support.md): Overview on what BFF multi-frontend support is, how it works and why you would use it. - [Third Party Cookies](third-party-cookies.md): Learn about the impact of third-party cookie blocking on OIDC flows and how the BFF pattern addresses these challenges - [UI Hosting](ui-hosting.md): A guide exploring different UI hosting strategies and their benefits when using Backend For Frontend (BFF) systems - [or](or.md): dotnet new duende-bff-localapi - [BFF Extensibility](bff-extensibility.md): Overview of the extensibility points available in Duende.BFF for customizing session management, HTTP forwarding, and... - [HTTP Forwarder](http-forwarder.md): Learn how to customize the HTTP forwarding behavior in BFF by providing custom HTTP clients and request/response tran... - [BFF Management Endpoints Extensibility](bff-management-endpoints-extensibility.md): The behavior of each [management endpoint](/bff/fundamentals/session/management) is defined in a service. When you ad... - [BFF Back-Channel Logout Endpoint Extensibility](bff-back-channel-logout-endpoint-extensibility.md): The back-channel logout endpoint has several extensibility points organized into two interfaces. The`IBackChannelLog... - [BFF Diagnostics Endpoint Extensibility](bff-diagnostics-endpoint-extensibility.md): The BFF diagnostics endpoint can be customized by implementing the`IDiagnosticsEndpoint`. - [BFF Login Endpoint Extensibility](bff-login-endpoint-extensibility.md): The BFF login endpoint has extensibility points in two interfaces. The`ILoginEndpoint`is the top-level abstraction ... - [BFF Logout Endpoint Extensibility](bff-logout-endpoint-extensibility.md): The BFF logout endpoint has extensibility points in two interfaces. The`ILogoutEndpoint`is the top-level abstractio... - [BFF Silent Login Endpoint Extensibility](bff-silent-login-endpoint-extensibility.md): The BFF silent login endpoint can be customized by implementing the`ISilentLoginEndpoint`. - [BFF Silent Login Callback Extensibility](bff-silent-login-callback-extensibility.md): The BFF silent login callback endpoint can be customized by implementing the`ISilentLoginCallbackEndpoint`. - [BFF User Endpoint Extensibility](bff-user-endpoint-extensibility.md): The BFF user endpoint can be customized by implementing the`IUserEndpoint`. - [Session Management](session-management.md): Configure and implement custom server-side session storage and lifecycle management through IUserSessionStore interface - [Token Management](token-management.md): Learn how to customize token storage and management in the BFF framework, including HTTP client configuration and per... - [Securing and Accessing API Endpoints](securing-and-accessing-api-endpoints.md): Learn about the different types of APIs in a BFF architecture and how to secure and access them properly - [Embedded (Local) APIs](embedded-local-apis.md): Documentation about Embedded (Local) APIs in BFF, including self-contained APIs and those using managed access tokens... - [Proxying Remote APIs](proxying-remote-apis.md): Learn how to configure and secure remote API access through BFF using HTTP forwarding and token management. - [YARP extensions](yarp-extensions.md): Integration of Duende.BFF with Microsoft's YARP reverse proxy, including token management and anti-forgery protection... - [BFF Security Framework Blazor Support](bff-security-framework-blazor-support.md): Learn how to integrate and use the BFF Security Framework with Microsoft Blazor applications for secure authenticatio... - [Multi-Frontend](multi-frontend.md): Documentation for multi-frontend support in BFF - [BFF Multi-Frontend Configuration](bff-multi-frontend-configuration.md): Documentation for managing BFF multi-frontend configuration - [Configuration Options](configuration-options.md): Comprehensive guide to configuring Duende BFF framework including general settings, paths, session management, and AP... - [BFF Blazor Server Options](bff-blazor-server-options.md): In the Blazor Server, you configure the **BffBlazorServerOptions** by using the **AddBlazorServer** method. - [BFF Blazor Client Options](bff-blazor-client-options.md): In WASM, you configure the **BffBlazorClientOptions** using the **AddBffBlazorClient** method: - [Proxy Servers and Load Balancers v4.0](proxy-servers-and-load-balancers-v40.md): When your BFF is hosted behind another reverse proxy or load balancer, you’ll want to use`X-Forwarded-*`headers. - [Authentication & Session Management](authentication-session-management.md): Learn how to set up authentication and session management components in ASP.NET Core BFF applications, including Open... - [ASP.NET Core Authentication System](aspnet-core-authentication-system.md): Learn how to configure and use ASP.NET Core authentication handlers for OpenID Connect and cookie-based session manag... - [BFF Session Management Endpoints](bff-session-management-endpoints.md): Overview of Duende.BFF endpoints for session management operations including login, logout, and user information retr... - [BFF Back-Channel Logout Endpoint](bff-back-channel-logout-endpoint.md): Documentation for the OpenID Connect Back-Channel Logout endpoint implementation in BFF, enabling server-to-server se... - [BFF Diagnostics Endpoint](bff-diagnostics-endpoint.md): Learn about the BFF diagnostics endpoint that provides access to user and client access tokens for development testin... - [BFF Login Endpoint](bff-login-endpoint.md): Learn how to initiate authentication and handle return URLs using the BFF login endpoint in your frontend applications - [BFF Logout Endpoint](bff-logout-endpoint.md): Learn how to use the BFF logout endpoint to sign out users and handle CSRF protection in your application - [BFF Silent Login Endpoint](bff-silent-login-endpoint.md): Endpoint for non-interactive authentication using an existing session at the remote identity provider - [BFF User Endpoint](bff-user-endpoint.md): The BFF user endpoint provides information about the currently authenticated user and their session status - [OpenID Connect Prompts](openid-connect-prompts.md): OpenID Connect prompt support in Duende BFF V4 - [Server-Side Sessions](server-side-sessions.md): Learn how to implement and configure server-side sessions in BFF to manage user session data storage and enable sessi... - [Token Management](token-management-2.md): Learn how to manage and utilize access tokens in BFF applications for secure API communication - [Getting started](getting-started.md): A collection of getting started guides to start with the BFF - [Blazor Applications](blazor-applications.md): A walkthrough showing how to set up and configure a BFF (Backend For Frontend) application using Blazor - [Getting Started - Multiple Frontends](getting-started-multiple-frontends.md): A guide on how to create a BFF application with multiple frontends. - [Getting Started - Single Frontend](getting-started-single-frontend.md): A guide on how to create a BFF application with a single frontend. - [Backend For Frontend (BFF) Samples](backend-for-frontend-bff-samples.md): A collection of sample applications demonstrating how to use the BFF security framework with different frontend techn... - [Upgrading BFF Security Framework](upgrading-bff-security-framework.md): Guide for upgrading Duende.BFF versions, including NuGet package updates - [Duende BFF Security Framework v2.x to v3.0](duende-bff-security-framework-v2x-to-v30.md): Guide for upgrading Duende BFF Security Framework from version 2.x to version 3.0, including migration steps for cust... - [Duende BFF Security Framework v3.0 to v4.0](duende-bff-security-framework-v30-to-v40.md): Guide for upgrading Duende BFF Security Framework from version 3.x to version 4.0, including migration steps for cust... - [Glossary](glossary.md): A comprehensive glossary of security and identity management terms, including features and concepts used in Duende Id... - [Licensing](licensing.md): Details about Duende IdentityServer licensing requirements, editions, configuration options, and trial mode functiona... - [Security Best Practices](security-best-practices.md): A comprehensive guide to security practices and procedures used in Duende Software development lifecycle - [Support & Issues](support-issues.md): Comprehensive guide for accessing source code, reporting issues, and obtaining support for Duende products. - [Duende IdentityModel](duende-identitymodel.md): Duende.IdentityModel for OpenID Connect and OAuth 2.0 related protocol operations, providing object models and utilit... - [Duende IdentityModel OIDC Client](duende-identitymodel-oidc-client.md): A certified OpenID Connect relying party library for building native clients with .NET, supporting various UI framewo... - [Demonstrating Proof-of-Possession (DPoP)](demonstrating-proof-of-possession-dpop-2.md): Learn how to leverage Demonstrating Proof-of-Possession when using OidcClient to build a native OIDC client. - [OIDC Client Automatic Mode](oidc-client-automatic-mode.md): Learn how to implement automatic OAuth/OIDC authentication by encapsulating browser interactions using OidcClient - [OIDC Client Logging](oidc-client-logging.md): Learn how to configure and customize logging in OidcClient using Microsoft.Extensions.Logging.ILogger - [OIDC Client Manual Mode](oidc-client-manual-mode.md): Guide for implementing manual mode in OidcClient to handle browser interactions and token processing - [Duende IdentityModel OIDC Client Samples](duende-identitymodel-oidc-client-samples.md): A collection of sample applications demonstrating how to use IdentityModel.OidcClient with various platforms and UI f... - [Device Authorization Endpoint](device-authorization-endpoint.md): Documentation for OAuth 2.0 device flow authorization endpoint using HttpClient extension methods - [Discovery Endpoint](discovery-endpoint.md): Documentation for using the OpenID Connect discovery endpoint client library, including configuration, validation, an... - [Dynamic Client Registration](dynamic-client-registration.md): Documentation for OpenID Connect Dynamic Client Registration library extension method for HttpClient that enables cli... - [General Usage](general-usage.md): Overview of IdentityModel client libraries common design patterns and usage for OpenID Connect and OAuth 2.0 endpoint... - [Token Introspection Endpoint](token-introspection-endpoint.md): Learn how to use the OAuth 2.0 token introspection endpoint to validate and inspect access tokens using HttpClient ex... - [Token Revocation Endpoint](token-revocation-endpoint.md): Client library implementation for OAuth 2.0 token revocation endpoint using HttpClient extension methods - [Token Endpoint](token-endpoint.md): Documentation for the OAuth 2.0 and OpenID Connect token endpoint client library, providing extension methods for Htt... - [UserInfo Endpoint](userinfo-endpoint.md): The client library for the [OpenID Connect UserInfo](https://openid.net/specs/openid-connect-core-1_0.html#userinfo) ... - [Base64 URL Encoding](base64-url-encoding.md): Documentation for Base64 URL encoding and decoding utilities in Duende IdentityModel, used for JWT token serialization - [Protocol and Claim Type Constants](protocol-and-claim-type-constants.md): Explore constant string classes provided by IdentityModel for OAuth 2.0, OpenID Connect protocol values, and JWT clai... - [Epoch Time Conversion](epoch-time-conversion.md): Learn about converting between DateTime and Unix/Epoch time formats in Duende IdentityModel for JWT tokens - [Creating Authorize and EndSession URLs](creating-authorize-and-endsession-urls.md): Helper utilities for creating OAuth 2.0/OpenID Connect authorization and end session URLs with query parameters - [Time-Constant String Comparison](time-constant-string-comparison.md): Learn about implementing secure string comparison to prevent timing attacks in security-sensitive contexts using Time... - [Fluent X.509 Certificate Store API](fluent-x509-certificate-store-api.md): Provides a simplified, fluent API for accessing and managing X.509 certificates in a certificate store. - [Duende IdentityServer](duende-identityserver.md): Overview of Duende IdentityServer framework for OpenID Connect and OAuth 2.x protocols, covering extensibility, secur... - [Protecting APIs](protecting-apis.md): Learn how to secure and protect your APIs using Duende IdentityServer's token-based authentication and authorization - [Authorization based on Scopes and Claims](authorization-based-on-scopes-and-claims.md): Guide for implementing authorization using scope claims and ASP.NET Core authorization policies with IdentityServer a... - [Validating Proof-of-Possession](validating-proof-of-possession.md): Guide for validating Proof-of-Possession (PoP) access tokens in ASP.NET Core using mTLS or DPoP mechanisms - [Using JSON Web Tokens (JWTs)](using-json-web-tokens-jwts.md): Guide for validating JWT bearer tokens in ASP.NET Core applications using the JWT authentication handler - [Reference Tokens](reference-tokens.md): Guide for implementing reference token validation in ASP.NET Core APIs using OAuth 2.0 token introspection - [ASP.NET Identity Integration](aspnet-identity-integration.md): Guide to integrating ASP.NET Identity with IdentityServer for user management, including setup instructions and confi... - [Configuration API](configuration-api.md): Documentation for the Configuration API endpoints that enable management and configuration of IdentityServer implemen... - [Dynamic Client Registration (DCR)](dynamic-client-registration-dcr.md): Learn how to configure and use Dynamic Client Registration (DCR) to automatically register OAuth clients with Identit... - [Data Stores and Persistence](data-stores-and-persistence.md): Overview of IdentityServer data stores types, including configuration and operational data, and their implementation ... - [Configuration Data](configuration-data.md): Documentation about configuration data models and stores in Duende IdentityServer, including client, resource, and id... - [Entity Framework Core Integration](entity-framework-core-integration.md): Documentation for using Entity Framework with IdentityServer to store configuration and operational data in any EF-su... - [Operational Data](operational-data.md): Documentation for managing dynamic operational data in IdentityServer including grants, keys, and server-side sessions - [IdentityServer Deployment](identityserver-deployment.md): Comprehensive guide covering key aspects of deploying IdentityServer including proxy configuration, data protection, ... - [Federal Information Processing Standard (FIPS) compliance](federal-information-processing-standard-fips-compliance.md): Explains Duende IdentityServer Federal Information Processing Standard (FIPS) compliance. - [Diagnostics](diagnostics.md): Overview of IdentityServer's diagnostic capabilities including logging, OpenTelemetry integration, and event system f... - [Diagnostics Data](diagnostics-data.md): Added in 7.3 - [Events](events.md): Documentation about IdentityServer's event system for structured logging and monitoring of important operations - [Logging](logging.md): Documentation for logging configuration and usage in Duende IdentityServer, including log levels and Serilog setup - [OpenTelemetry](opentelemetry.md): Documentation for OpenTelemetry integration in IdentityServer, covering metrics, traces and logs collection for monit... - [Claims](claims.md): Learn about how IdentityServer emits and manages claims for users and clients, including claim emission strategies an... - [Clients](clients.md): Learn about configuring and managing client applications that can request tokens from IdentityServer - [Hosting](hosting.md): Learn how to host and configure Duende IdentityServer in ASP.NET Core applications by adding services and middleware ... - [Key Management](key-management.md): Learn how to manage cryptographic keys for token signing in IdentityServer using automatic or static key management - [ASP.NET Core OpenID Connect Handler Events](aspnet-core-openid-connect-handler-events.md): ASP.NET Core's OpenID Connect handler events, what they are, and why you might want to use them. - [Resources](resources.md): Overview of resource types in Duende IdentityServer including API resources, identity resources, API scopes, and reso... - [API Resources](api-resources.md): Learn how API Resources in Duende IdentityServer help organize and group scopes, manage token claims, and control acc... - [API Scopes](api-scopes.md): Learn about API scopes in IdentityServer, how to define and use them for access control, and how they work with OAuth... - [Identity Resources](identity-resources.md): Learn about identity resources in Duende IdentityServer - named groups of claims about users that can be requested us... - [Resource Isolation](resource-isolation.md): Learn about isolating OAuth resources and using the resource parameter to control access token scope and audience - [Users and Logging In](users-and-logging-in.md): Overview of user management, authentication workflows, and UI customization options in Duende IdentityServer - [The Big Picture](the-big-picture.md): An overview of modern application architecture patterns and how OpenID Connect and OAuth 2.0 protocols implemented by... - [Packaging and Builds](packaging-and-builds.md): A guide to Duende IdentityServer packages, templates, UI components, and source code accessibility - [More Reading Resources](more-reading-resources.md): Collection of learning resources including demo server access, OAuth fundamentals, and ASP.NET security guides - [Supported Specifications](supported-specifications.md): A comprehensive list of supported OpenID Connect and OAuth 2.x specifications implemented in Duende IdentityServer - [Terminology](terminology.md): Learn about the key terms and concepts used in IdentityServer, including clients, resources, tokens, and user authent... - [IdentityServer Quickstarts](identityserver-quickstarts.md): Step-by-step tutorials for implementing common Duende IdentityServer scenarios, from basic setup to advanced features. - [Protecting An API With Client Credentials](protecting-an-api-with-client-credentials.md): Learn how to set up IdentityServer to protect an API using client credentials, implementing server-to-server authenti... - [Interactive Applications With ASP.NET Core](interactive-applications-with-aspnet-core.md): Learn how to add interactive user authentication to an ASP.NET Core application using OpenID Connect and IdentityServ... - [ASP.NET Core And API access](aspnet-core-and-api-access.md): Learn how to combine user authentication with API access by requesting both identity and API scopes during the OpenID... - [Token Management](token-management-3.md): Learn how to manage access tokens in interactive applications, including requesting refresh tokens, caching, and auto... - [Entity Framework Core: Configuration & Operational Data](entity-framework-core-configuration-operational-data.md): Learn how to configure IdentityServer to use Entity Framework Core for storing configuration and operational data in ... - [ASP.NET Core Identity](aspnet-core-identity.md): Learn how to integrate ASP.NET Core Identity with IdentityServer to manage user authentication and storage using Enti... - [Building Blazor WASM Client Applications](building-blazor-wasm-client-applications.md): Learn how to build secure Blazor WebAssembly applications using the Duende BFF security framework and integrate them ... - [Building Browser-Based Client Applications](building-browser-based-client-applications.md): Overview of browser-based client application patterns and security considerations when implementing JavaScript client... - [Browser-Based Applications With A BFF](browser-based-applications-with-a-bff.md): Guide to building secure browser-based JavaScript applications using the Backend For Frontend (BFF) pattern with Duen... - [JavaScript Applications Without A Backend](javascript-applications-without-a-backend.md): Learn how to build a client-side JavaScript application that interacts directly with IdentityServer for authenticatio... - [Models](models.md): Reference documentation for the models and interfaces used in Dynamic Client Registration (DCR), including request/re... - [Options](options.md): Reference documentation for the IdentityServer configuration options related to dynamic client registration and secre... - [Request Processing](request-processing.md): Understand how dynamic client registration requests are processed, including client ID and secret generation, through... - [Response Generation](response-generation.md): Reference documentation for dynamic client registration response generation, including interfaces and implementations... - [Store](store.md): Reference documentation for the Dynamic Client Registration (DCR) store interfaces and implementations used to manage... - [Validation](validation.md): Reference documentation for Dynamic Client Registration (DCR) validation process, including validation steps, interfa... - [Dependency Injection Extension Methods](dependency-injection-extension-methods.md): A comprehensive guide to IdentityServer's dependency injection extension methods for configuring services, stores, ca... - [Entity Framework Core Options](entity-framework-core-options.md): Configuration options available when using Entity Framework Core as the storage implementation for IdentityServer. - [Configuration Options](configuration-options-2.md): Configuration options available when using Entity Framework Core as the configuration store in IdentityServer - [Operational Options](operational-options.md): Configure Entity Framework Core operational store options including database schema, pooling settings, and cleanup pa... - [Authorize Endpoint](authorize-endpoint.md): Documentation for the authorize endpoint which handles browser-based token and authorization code requests, including... - [Backchannel Authentication Endpoint](backchannel-authentication-endpoint.md): Documentation for the CIBA endpoint which allows clients to initiate backchannel authentication requests for users wi... - [Device Authorization Endpoint](device-authorization-endpoint-2.md): Documentation for the device authorization endpoint which handles device flow authentication requests and issues devi... - [Discovery Endpoint](discovery-endpoint-2.md): Learn about the discovery endpoint that provides metadata about your IdentityServer configuration, including issuer n... - [End Session Endpoint](end-session-endpoint.md): The end session endpoint enables single sign-out functionality in OpenID Connect, allowing users to terminate their s... - [Introspection Endpoint](introspection-endpoint.md): Documentation for the RFC 7662 compliant introspection endpoint used to validate reference tokens, JWTs, and refresh ... - [OAuth Metadata Endpoint](oauth-metadata-endpoint.md): Learn about the OAuth metadata endpoint that provides information about your IdentityServer configuration, including ... - [Revocation Endpoint](revocation-endpoint.md): Learn about the revocation endpoint that allows invalidating access and refresh tokens according to RFC 7009 specific... - [Token Endpoint](token-endpoint-2.md): Documentation for the token endpoint that enables programmatic token requests using various grant types and parameter... - [UserInfo Endpoint](userinfo-endpoint-2.md): Reference documentation for the UserInfo endpoint, which allows retrieval of authenticated user claims using a valid ... - [API Resource](api-resource.md): Reference documentation for the ApiResource class which models an API in Duende IdentityServer, including its propert... - [API Scope](api-scope.md): Reference documentation for the ApiScope class which models an OAuth scope in Duende IdentityServer, including its pr... - [Backchannel User Login Request](backchannel-user-login-request.md): Reference documentation for the BackchannelUserLoginRequest class which models the information needed to initiate a u... - [Client](client.md): Reference documentation for the Client class which models an OpenID Connect or OAuth 2.0 client in Duende IdentitySer... - [Grant Validation Result](grant-validation-result.md): Reference documentation for the GrantValidationResult class which models the outcome of grant validation for extensio... - [Identity Resource](identity-resource.md): Reference documentation for the IdentityResource class which models an identity resource in Duende IdentityServer, in... - [Identity Provider](identity-provider.md): Reference documentation for identity provider models in Duende IdentityServer, including OidcProvider for external Op... - [License Usage Summary](license-usage-summary.md): Reference documentation for the LicenseUsageSummary class which provides detailed information about clients, issuers,... - [Secrets](secrets.md): Reference documentation for secret handling in Duende IdentityServer, including the ISecretParser interface for extra... - [IdentityServer Options](identityserver-options.md): Documentation of all configuration options in Duende IdentityServer, including settings for key management, endpoints... - [Response Generators](response-generators.md): An overview of IdentityServer's response generation pattern and customization options for protocol endpoint responses. - [Authorize Interaction Response Generator](authorize-interaction-response-generator.md): Documentation for the IAuthorizeInteractionResponseGenerator interface which determines if a user must log in or cons... - [IHttpResponseWriter](ihttpresponsewriter.md): Documentation for the IHttpResponseWriter interface, a low-level abstraction for customizing serialization, encoding,... - [Token Response Generator](token-response-generator.md): Documentation for the ITokenResponseGenerator interface and its implementation, which generates responses to valid to... - [Backchannel Authentication Interaction Service](backchannel-authentication-interaction-service.md): Documentation for the IBackchannelAuthenticationInteractionService interface which provides services for accessing an... - [Backchannel Authentication User Notification Service](backchannel-authentication-user-notification-service.md): Documentation for the IBackchannelAuthenticationUserNotificationService interface which is used to notify users when ... - [Device Flow Interaction Service](device-flow-interaction-service.md): Documentation for the IDeviceFlowInteractionService interface which provides services for user interfaces to communic... - [IdentityServer Interaction Service](identityserver-interaction-service.md): Documentation for the IIdentityServerInteractionService interface which provides services for user interfaces to comm... - [Persisted Grant Service](persisted-grant-service.md): Documentation for the IPersistedGrantService interface which provides access to a user's grants for managing consent ... - [Profile Service](profile-service.md): Documentation for the IProfileService interface which encapsulates retrieval of user claims and determines if users a... - [Refresh Token Service](refresh-token-service.md): Documentation for the IRefreshTokenService interface which handles validation, creation, and updating of refresh toke... - [Session Management Service](session-management-service.md): Documentation for the ISessionManagementService interface which provides administrative features to query and termina... - [Token Creation Service](token-creation-service.md): Documentation for the ITokenCreationService interface which is responsible for creating security tokens by converting... - [User Session Service](user-session-service.md): Documentation for the IUserSession interface which manages user sessions and tracks participating client applications... - [Stores](stores.md): An overview of IdentityServer's persistence layer abstractions that manage configuration and operational data for aut... - [Backchannel Authentication Request Store](backchannel-authentication-request-store.md): Documentation for the IBackChannelAuthenticationRequestStore interface which is used to store and manage backchannel ... - [Client Store](client-store.md): Documentation for the IClientStore interface which is used to dynamically load client configuration by client ID. - [CORS Policy Service](cors-policy-service.md): Documentation for the ICorsPolicyService interface which determines if CORS requests from specific origins are allowe... - [Device Flow Store](device-flow-store.md): Documentation for the IDeviceFlowStore interface which manages storage of authorization grants for the device flow au... - [Identity Provider Store](identity-provider-store.md): Documentation for the IIdentityProviderStore interface which dynamically loads identity provider configurations for e... - [Persisted Grant Store](persisted-grant-store.md): Documentation for the IPersistedGrantStore interface which manages storage and retrieval of authorization grants such... - [Pushed Authorization Request Store](pushed-authorization-request-store.md): Interface for managing pushed authorization requests storage in OAuth PAR flow. - [Resource Store](resource-store.md): Documentation for the IResourceStore interface which dynamically loads identity resources, API scopes, and API resour... - [Server-Side Session Store](server-side-session-store.md): Documentation for the IServerSideSessionStore interface and related models for managing server-side user authenticati... - [Signing Key Store](signing-key-store.md): Documentation for the ISigningKeyStore interface which manages the storage, retrieval, and deletion of cryptographic ... - [Backchannel Authentication User Validator](backchannel-authentication-user-validator.md): Documentation for the IBackchannelAuthenticationUserValidator interface which is used to validate request hints and i... - [Custom Authorize Request Validator](custom-authorize-request-validator.md): Documentation for the ICustomAuthorizeRequestValidator interface which allows inserting custom validation logic into ... - [Custom Token Request Validator](custom-token-request-validator.md): Documentation for the ICustomTokenRequestValidator interface which allows inserting custom validation logic into toke... - [DPoP Proof Validator](dpop-proof-validator.md): Documentation for the IDPoPProofValidator interface which validates Demonstrating Proof of Possession (DPoP) tokens t... - [Extension Grant Validator](extension-grant-validator.md): Documentation for the IExtensionGrantValidator interface which enables custom OAuth grant types by handling validatio... - [Duende IdentityServer Samples](duende-identityserver-samples.md): A collection of runnable samples demonstrating various IdentityServer scenarios with source code available in the Git... - [ASP.NET Identity Integration](aspnet-identity-integration-2.md): A sample demonstrating how to integrate ASP.NET Identity with Duende IdentityServer using minimal code to create a wo... - [Basics](basics.md): A collection of common IdentityServer scenarios including client credentials, JWT-based authentication, reference tok... - [Clients](clients-2.md): A collection of client technology samples demonstrating how to connect different platforms like .NET 4.8 WebForms, MV... - [Configuration API](configuration-api-2.md): Samples demonstrating the IdentityServer.Configuration API for Dynamic Client Registration (DCR), permissions managem... - [Diagnostics](diagnostics-2.md): Samples demonstrating IdentityServer's diagnostic capabilities with OpenTelemetry integration, including metrics, tra... - [Miscellaneous](miscellaneous.md): A collection of specialized IdentityServer samples covering Azure Functions security, mutual TLS with Kestrel, DPoP f... - [Requesting tokens](requesting-tokens.md): Samples demonstrating token-related features in IdentityServer, including extension grants for Token Exchange impleme... - [User Interaction](user-interaction.md): Samples demonstrating customization of IdentityServer's interactive pages, including custom profile services, step-up... - [Requesting Tokens](requesting-tokens-2.md): An overview of token types in Duende IdentityServer, including identity tokens, access tokens, and refresh tokens, al... - [Client Authentication](client-authentication.md): A comprehensive guide to client authentication methods in Duende IdentityServer, including shared secrets, private ke... - [Calling Endpoints from JavaScript](calling-endpoints-from-javascript.md): In JavaScript-based clients, some endpoints like the token endpoint (but also discovery) will be accessed via Ajax ca... - [Dynamic Request Validation and Customization](dynamic-request-validation-and-customization.md): A guide to implementing the ICustomTokenRequestValidator interface to extend the token request pipeline with addition... - [Extension Grants](extension-grants.md): A guide to implementing OAuth extension grants in IdentityServer for non-standard token issuance scenarios, with a fo... - [FAPI 2.0](fapi-20.md): Overview of the FAPI 2.0 implementation in Duende IdentityServer 7.3+ - [Issuing Internal Tokens](issuing-internal-tokens.md): A guide to using the IIdentityServerTools interface for creating JWT tokens internally within IdentityServer's extens... - [Signed Authorize Requests](signed-authorize-requests.md): JWT Secured Authorization Request (JAR) is a security enhancement that allows authorization parameters to be packaged... - [Pushed Authorization Requests](pushed-authorization-requests.md): Pushed Authorization Requests (PAR) in IdentityServer, an OAuth standard that enhances security by moving authorizati... - [Issuing Tokens Based On User Passwords](issuing-tokens-based-on-user-passwords.md): A guide to implementing the deprecated password grant type in IdentityServer for legacy applications, covering token ... - [Proof-of-Possession Access Tokens](proof-of-possession-access-tokens.md): Documentation for Proof-of-Possession (PoP) tokens, which enhance security by cryptographically binding tokens to cli... - [Reference Tokens](reference-tokens-2.md): Documentation about reference tokens in Duende IdentityServer, including how they are stored, accessed, and configure... - [Refreshing a Token](refreshing-a-token.md): Documentation for refresh token management in IdentityServer, including requesting, using and securing refresh tokens... - [Requesting a Token](requesting-a-token.md): Guide explaining how to request tokens for both machine-to-machine communication and interactive applications, includ... - [Duende IdentityServer Troubleshooting](duende-identityserver-troubleshooting.md): When troubleshooting an IdentityServer setup we have some tips and tricks to share. These are both ways to get more i... - [User Interaction](user-interaction-2.md): Overview of IdentityServer's user interaction architecture, explaining how the UI is separated from the core engine t... - [IdentityServer Admin UI](identityserver-admin-ui.md): Documentation for implementing an administrative UI for IdentityServer. - [Client Initiated Backchannel Authentication (CIBA)](client-initiated-backchannel-authentication-ciba.md): Documentation for implementing CIBA in IdentityServer, a workflow that allows users to authenticate on a trusted devi... - [Consent](consent.md): Documentation for implementing the consent page in IdentityServer, which allows users to grant client applications pe... - [Custom Pages](custom-pages.md): Guide for implementing custom pages in IdentityServer beyond standard authentication pages, including integration wit... - [Error](error.md): Documentation for implementing the error page in IdentityServer, which displays information to users when errors occu... - [Federation Gateway](federation-gateway.md): Guide to implementing federation in IdentityServer, allowing it to act as a gateway that offers multiple external aut... - [Getting Started](getting-started-2.md): Guide to implementing the login page in IdentityServer, which establishes user authentication sessions and can be con... - [Login Context](login-context.md): Guide to accessing and using authorization request parameters from the returnUrl to customize the login workflow in I... - [Dynamic Providers](dynamic-providers.md): Documentation for IdentityServer's Dynamic Identity Providers feature, which enables configuring external authenticat... - [Integrating with External Providers](integrating-with-external-providers.md): Guide to integrating external identity providers with IdentityServer, including registration of authentication handle... - [Accepting Local Credentials](accepting-local-credentials.md): Guide to implementing a local login page in IdentityServer that validates username/password credentials, issues authe... - [Multi Factor Authentication](multi-factor-authentication.md): Overview of multi-factor authentication (MFA) implementation options in IdentityServer, including using ASP.NET Core ... - [Redirecting Back To The Client](redirecting-back-to-the-client.md): Guide to safely redirecting users back to client applications after login in IdentityServer, using the returnUrl para... - [Authentication Session](authentication-session.md): Guide to establishing and configuring authentication sessions in IdentityServer using ASP.NET Core's cookie authentic... - [Windows Authentication](windows-authentication.md): Guide to implementing Windows authentication in IdentityServer using various approaches including IIS hosting, HTTP.S... - [Getting Started](getting-started-3.md): Guide to implementing the logout page in IdentityServer, which terminates user authentication sessions and handles se... - [Returning to the Client](returning-to-the-client.md): Guide to properly redirecting users back to client applications after logout in IdentityServer, ensuring front-channe... - [External Logout](external-logout.md): Guide to implementing logout from external identity providers in IdentityServer, including detecting provider usage, ... - [External Logout Notification](external-logout-notification.md): Documentation on federated sign-out in IdentityServer, explaining how external identity provider logout notifications... - [Logout Context](logout-context.md): Guide to accessing and using the LogoutRequest context in IdentityServer, which provides essential information for im... - [Client Notifications](client-notifications.md): Comprehensive guide to client notification mechanisms in IdentityServer, covering front-channel, back-channel, and Ja... - [Session Cleanup and Logout](session-cleanup-and-logout.md): Guide to correctly ending a session in IdentityServer, including removing authentication cookies, handling external l... - [Client Application Portal](client-application-portal.md): Documentation for creating a client application portal within IdentityServer that provides links to applications conf... - [Overview](overview.md): An introduction to IdentityServer's server-side sessions feature, which stores authentication state on the server rat... - [Inactivity Timeout](inactivity-timeout.md): A guide to implementing system-wide inactivity timeout in IdentityServer using server-side sessions to coordinate use... - [Session Expiration](session-expiration.md): Documentation on IdentityServer's session expiration feature, which automatically cleans up expired server-side sessi... - [Session Management](session-management-2.md): Documentation on using the ISessionManagementService to query and terminate user sessions in IdentityServer, includin... - [Upgrading IdentityServer](upgrading-identityserver.md): Guide for upgrading between IdentityServer versions, including instructions for database migrations, breaking changes... - [IdentityServer4 to Duende IdentityServer v7.3](identityserver4-to-duende-identityserver-v73.md): This upgrade guide covers upgrading from IdentityServer4 to Duende IdentityServer v7.3. IdentityServer4 reached its e... - [IdentityServer4 v3.1 to Duende IdentityServer v6](identityserver4-v31-to-duende-identityserver-v6.md): This upgrade guide covers upgrading from IdentityServer4 v3.1.x to Duende IdentityServer v6. This upgrade is more com... - [IdentityServer4 v4.1 to Duende IdentityServer v6](identityserver4-v41-to-duende-identityserver-v6.md): This upgrade guide covers upgrading from IdentityServer4 v4.1.x to Duende IdentityServer v6. - [Microsoft SPA and Blazor Templates](microsoft-spa-and-blazor-templates.md): A guide for migrating from Microsoft's SPA and Blazor templates to a recommended Duende IdentityServer architecture w... - [Duende IdentityServer v5.0 to v5.1](duende-identityserver-v50-to-v51.md): This upgrade guide covers upgrading from Duende IdentityServer v5.0 to v5.1 ([release notes](https://github.com/Duend... - [Duende IdentityServer v5.1 to v5.2](duende-identityserver-v51-to-v52.md): This upgrade guide covers upgrading from Duende IdentityServer v5.1 to v5.2 ([release notes](https://github.com/Duend... - [Duende IdentityServer v5.2 to v6.0](duende-identityserver-v52-to-v60.md): This upgrade guide covers upgrading from Duende IdentityServer v5.2 to v6.0 ([release notes](https://github.com/Duend... - [Duende IdentityServer v6.0 to v6.1](duende-identityserver-v60-to-v61.md): This upgrade guide covers upgrading from Duende IdentityServer v6.0 to v6.1 ([release notes](https://github.com/Duend... - [Duende IdentityServer v6.1 to v6.2](duende-identityserver-v61-to-v62.md): This upgrade guide covers upgrading from Duende IdentityServer v6.1 to v6.2 ([release notes](https://github.com/Duend... - [Duende IdentityServer v6.2 to v6.3](duende-identityserver-v62-to-v63.md): This upgrade guide covers upgrading from Duende IdentityServer v6.2 to v6.3 ([release notes](https://github.com/Duend... - [Duende IdentityServer v6.3 to v7.0](duende-identityserver-v63-to-v70.md): IdentityServer v7.0 includes support for .NET 8, pushed authorization requests, OpenTelemetry metrics, cleanup job im... - [Duende IdentityServer v7.0 to v7.1](duende-identityserver-v70-to-v71.md): IdentityServer v7.1 includes support for .NET 9 and many other smaller fixes and enhancements. Please see our [releas... - [Duende IdentityServer v7.1 to v7.2](duende-identityserver-v71-to-v72.md): This upgrade guide covers upgrading from Duende IdentityServer v7.1 to v7.2 ([release notes](https://github.com/Duend... - [Duende IdentityServer v7.2 to v7.3](duende-identityserver-v72-to-v73.md): This upgrade guide covers upgrading from Duende IdentityServer v7.2 to v7.3 ([release notes](https://github.com/Duend... - [Duende IdentityServer v7.3 to v7.4](duende-identityserver-v73-to-v74.md): This upgrade guide covers upgrading from Duende IdentityServer v7.3 to v7.4 ([release notes](https://github.com/Duend... - [Duende Introspection Authentication Handler](duende-introspection-authentication-handler.md): An ASP.NET Core authentication handler for OAuth 2.0 token introspection. - [Configuring OAuth 2.0 Token Introspection](configuring-oauth-20-token-introspection.md): Learn more about the various options when adding the ASP.NET Core authentication handler for OAuth 2.0 token introspe... - [Quick links](quick-links.md): A collection of frequently accessed links for Duende documentation, licensing, and community resources. - [Duendesoftware Documentation](duendesoftware-documentation.md): ----- - [Duende Software
Docs](duende-softwarebr-docs-2.md): Get started building your .NET applications with IdentityServer, Backend-for-Frontend (BFF) and our open-source tools. - [404 Not Found](404-not-found-2.md): Page not found. Check the URL, try using the search bar, - [Access Token Management](access-token-management-2.md): The Duende.AccessTokenManagement library provides automatic access token management features for .NET applications - [Client Assertions](client-assertions-2.md): Learn how to use client assertions instead of shared secrets for token client authentication in Duende.AccessTokenMan... - [Customizing Client Credentials Token Management](customizing-client-credentials-token-management-2.md): Learn how to customize client credentials token management including client options, backchannel communication, and t... - [Demonstrating Proof-of-Possession (DPoP)](demonstrating-proof-of-possession-dpop-2.md): Demonstrating Proof-of-Possession is a security mechanism that binds access tokens to specific cryptographic keys to ... - [Extensibility](extensibility-2.md): Learn how to extend and customize Duende.AccessTokenManagement, including custom token retrieval. - [Logging](logging-2.md): Documentation for logging configuration and usage in Duende Access Token Management, including log levels and Serilog... - [Customizing User Token Management](customizing-user-token-management-2.md): Learn how to customize user token management options, per-request parameters, and token storage mechanisms in ASP.NET... - [Blazor Server Access Token Management](blazor-server-access-token-management-2.md): Learn how to manage access tokens in Blazor Server applications and handle token storage and HTTP client usage with D... - [Duende AccessTokenManagement v3.x to v4.0](duende-accesstokenmanagement-v3x-to-v40-2.md): Guide for upgrading Duende.AccessTokenManagement from version 3.x to version 4.0, including migration steps for custo... - [Web Applications](web-applications-2.md): Learn how to manage access tokens in web applications, including setup, configuration, and usage with HTTP clients. - [Service Workers and Background Tasks](service-workers-and-background-tasks-2.md): Learn how to manage OAuth access tokens in worker applications and background tasks using Duende.AccessTokenManagement. - [Backend For Frontend (BFF) Security Framework](backend-for-frontend-bff-security-framework-2.md): A comprehensive security framework for securing browser-based frontends with ASP.NET Core backends - [The Duende BFF framework](the-duende-bff-framework-2.md): Duende.BFF is a library for building services that comply with the BFF pattern and solve security and identity proble... - [Architecture](architecture-2.md): Overview of BFF host architecture, including authentication, session management, and integration with ASP.NET Core co... - [Multi-frontend support](multi-frontend-support-2.md): Overview on what BFF multi-frontend support is, how it works and why you would use it. - [Third Party Cookies](third-party-cookies-2.md): Learn about the impact of third-party cookie blocking on OIDC flows and how the BFF pattern addresses these challenges - [UI Hosting](ui-hosting-2.md): A guide exploring different UI hosting strategies and their benefits when using Backend For Frontend (BFF) systems - [or](or-2.md): dotnet new duende-bff-localapi - [Diagnostics](diagnostics-2.md): Overview of Duende Backend for Frontend (BFF) diagnostic capabilities including logging and OpenTelemetry integration... - [BFF Extensibility](bff-extensibility-2.md): Overview of the extensibility points available in Duende.BFF for customizing session management, HTTP forwarding, and... - [HTTP Forwarder](http-forwarder-2.md): Learn how to customize the HTTP forwarding behavior in BFF by providing custom HTTP clients and request/response tran... - [BFF Management Endpoints Extensibility](bff-management-endpoints-extensibility-2.md): The behavior of each [management endpoint](/bff/fundamentals/session/management) is defined in a service. When you ad... - [BFF Back-Channel Logout Endpoint Extensibility](bff-back-channel-logout-endpoint-extensibility-2.md): The back-channel logout endpoint has several extensibility points organized into two interfaces. The`IBackchannelLog... - [BFF Diagnostics Endpoint Extensibility](bff-diagnostics-endpoint-extensibility-2.md): The BFF diagnostics endpoint can be customized by implementing the`IDiagnosticsEndpoint`. - [BFF Login Endpoint Extensibility](bff-login-endpoint-extensibility-2.md): The BFF login endpoint has extensibility points in two interfaces. The`ILoginEndpoint`is the top-level abstraction ... - [BFF Logout Endpoint Extensibility](bff-logout-endpoint-extensibility-2.md): The BFF logout endpoint has extensibility points in two interfaces. The`ILogoutEndpoint`is the top-level abstractio... - [BFF Silent Login Endpoint Extensibility](bff-silent-login-endpoint-extensibility-2.md): The BFF silent login endpoint can be customized by implementing the`ISilentLoginEndpoint`. - [BFF Silent Login Callback Extensibility](bff-silent-login-callback-extensibility-2.md): The BFF silent login callback endpoint can be customized by implementing the`ISilentLoginCallbackEndpoint`. - [BFF User Endpoint Extensibility](bff-user-endpoint-extensibility-2.md): The BFF user endpoint can be customized by implementing the`IUserEndpoint`. - [Session Management](session-management-2.md): Configure and implement custom server-side session storage and lifecycle management through IUserSessionStore interface - [Token Management](token-management-2.md): Learn how to customize token storage and management in the BFF framework, including HTTP client configuration and per... - [Securing and Accessing API Endpoints](securing-and-accessing-api-endpoints-2.md): Learn about the different types of APIs in a BFF architecture and how to secure and access them properly - [Embedded (Local) APIs](embedded-local-apis-2.md): Documentation about Embedded (Local) APIs in BFF, including self-contained APIs and those using managed access tokens... - [Proxying Remote APIs](proxying-remote-apis-2.md): Learn how to configure and secure remote API access through BFF using HTTP forwarding and token management. - [YARP extensions](yarp-extensions-2.md): Integration of Duende.BFF with Microsoft's YARP reverse proxy, including token management and anti-forgery protection... - [BFF Security Framework Blazor Support](bff-security-framework-blazor-support-2.md): Learn how to integrate and use the BFF Security Framework with Microsoft Blazor applications for secure authenticatio... - [Multi-Frontend](multi-frontend-2.md): Documentation for multi-frontend support in BFF - [BFF Multi-Frontend Configuration](bff-multi-frontend-configuration-2.md): Documentation for managing BFF multi-frontend configuration - [Configuration Options](configuration-options-2.md): Comprehensive guide to configuring Duende BFF framework including general settings, paths, session management, and AP... - [BFF Blazor Server Options](bff-blazor-server-options-2.md): In the Blazor Server, you configure the **BffBlazorServerOptions** by using the **AddBlazorServer** method. - [BFF Blazor Client Options](bff-blazor-client-options-2.md): In WASM, you configure the **BffBlazorClientOptions** using the **AddBffBlazorClient** method: - [Proxy Servers and Load Balancers v4.0](proxy-servers-and-load-balancers-v40-2.md): When your BFF is hosted behind another reverse proxy or load balancer, you’ll want to use`X-Forwarded-*`headers. - [Authentication & Session Management](authentication-session-management-2.md): Learn how to set up authentication and session management components in ASP.NET Core BFF applications, including Open... - [ASP.NET Core Authentication System](aspnet-core-authentication-system-2.md): Learn how to configure and use ASP.NET Core authentication handlers for OpenID Connect and cookie-based session manag... - [BFF Session Management Endpoints](bff-session-management-endpoints-2.md): Overview of Duende.BFF endpoints for session management operations including login, logout, and user information retr... - [BFF Back-Channel Logout Endpoint](bff-back-channel-logout-endpoint-2.md): Documentation for the OpenID Connect Back-Channel Logout endpoint implementation in BFF, enabling server-to-server se... - [BFF Diagnostics Endpoint](bff-diagnostics-endpoint-2.md): Learn about the BFF diagnostics endpoint that provides access to user and client access tokens for development testin... - [BFF Login Endpoint](bff-login-endpoint-2.md): Learn how to initiate authentication and handle return URLs using the BFF login endpoint in your frontend applications - [BFF Logout Endpoint](bff-logout-endpoint-2.md): Learn how to use the BFF logout endpoint to sign out users and handle CSRF protection in your application - [BFF Silent Login Endpoint](bff-silent-login-endpoint-2.md): Endpoint for non-interactive authentication using an existing session at the remote identity provider - [BFF User Endpoint](bff-user-endpoint-2.md): The BFF user endpoint provides information about the currently authenticated user and their session status - [OpenID Connect Prompts](openid-connect-prompts-2.md): OpenID Connect prompt support in Duende BFF V4 - [Server-Side Sessions](server-side-sessions-2.md): Learn how to implement and configure server-side sessions in BFF to manage user session data storage and enable sessi... - [Token Management](token-management-2-2.md): Learn how to manage and utilize access tokens in BFF applications for secure API communication - [Getting started](getting-started-2.md): A collection of getting started guides to start with the BFF - [Blazor Applications](blazor-applications-2.md): A walkthrough showing how to set up and configure a BFF (Backend For Frontend) application using Blazor - [Getting Started - Multiple Frontends](getting-started-multiple-frontends-2.md): A guide on how to create a BFF application with multiple frontends. - [Getting Started - Single Frontend](getting-started-single-frontend-2.md): A guide on how to create a BFF application with a single frontend. - [Getting Started - Templates](getting-started-templates.md): A guide on how to install the BFF project templates. - [Backend For Frontend (BFF) Samples](backend-for-frontend-bff-samples-2.md): A collection of sample applications demonstrating how to use the BFF security framework with different frontend techn... - [Upgrading BFF Security Framework](upgrading-bff-security-framework-2.md): Guide for upgrading Duende.BFF versions, including NuGet package updates - [Duende BFF Security Framework v2.x to v3.0](duende-bff-security-framework-v2x-to-v30-2.md): Guide for upgrading Duende BFF Security Framework from version 2.x to version 3.0, including migration steps for cust... - [Duende BFF Security Framework v3.0 to v4.0](duende-bff-security-framework-v30-to-v40-2.md): Guide for upgrading Duende BFF Security Framework from version 3.x to version 4.0, including migration steps for cust... - [Glossary](glossary-2.md): A comprehensive glossary of security and identity management terms, including features and concepts used in Duende Id... - [Licensing](licensing-2.md): Details about Duende IdentityServer and BFF licensing requirements, editions, configuration options, and trial mode f... - [Logging Fundamentals](logging-fundamentals.md): General guidance on configuring logging for Duende Software products using Microsoft.Extensions.Logging and Serilog. - [Security Best Practices](security-best-practices-2.md): A comprehensive guide to security practices and procedures used in Duende Software development lifecycle - [Support & Issues](support-issues-2.md): Comprehensive guide for accessing source code, reporting issues, and obtaining support for Duende products. - [Duende IdentityModel](duende-identitymodel-2.md): Duende.IdentityModel for OpenID Connect and OAuth 2.0 related protocol operations, providing object models and utilit... - [Duende IdentityModel OIDC Client](duende-identitymodel-oidc-client-2.md): A certified OpenID Connect relying party library for building native clients with .NET, supporting various UI framewo... - [Demonstrating Proof-of-Possession (DPoP)](demonstrating-proof-of-possession-dpop-2-2.md): Learn how to leverage Demonstrating Proof-of-Possession when using OidcClient to build a native OIDC client. - [OIDC Client Automatic Mode](oidc-client-automatic-mode-2.md): Learn how to implement automatic OAuth/OIDC authentication by encapsulating browser interactions using OidcClient - [OIDC Client Logging](oidc-client-logging-2.md): Learn how to configure and customize logging in OidcClient using Microsoft.Extensions.Logging.ILogger - [OIDC Client Manual Mode](oidc-client-manual-mode-2.md): Guide for implementing manual mode in OidcClient to handle browser interactions and token processing - [Duende IdentityModel OIDC Client Samples](duende-identitymodel-oidc-client-samples-2.md): A collection of sample applications demonstrating how to use IdentityModel.OidcClient with various platforms and UI f... - [Device Authorization Endpoint](device-authorization-endpoint-2.md): Documentation for OAuth 2.0 device flow authorization endpoint using HttpClient extension methods - [Discovery Endpoint](discovery-endpoint-2.md): Documentation for using the OpenID Connect discovery endpoint client library, including configuration, validation, an... - [Dynamic Client Registration](dynamic-client-registration-2.md): Documentation for OpenID Connect Dynamic Client Registration library extension method for HttpClient that enables cli... - [General Usage](general-usage-2.md): Overview of IdentityModel client libraries common design patterns and usage for OpenID Connect and OAuth 2.0 endpoint... - [Token Introspection Endpoint](token-introspection-endpoint-2.md): Learn how to use the OAuth 2.0 token introspection endpoint to validate and inspect access tokens using HttpClient ex... - [Token Revocation Endpoint](token-revocation-endpoint-2.md): Client library implementation for OAuth 2.0 token revocation endpoint using HttpClient extension methods - [Token Endpoint](token-endpoint-2.md): Documentation for the OAuth 2.0 and OpenID Connect token endpoint client library, providing extension methods for Htt... - [UserInfo Endpoint](userinfo-endpoint-2.md): The client library for the [OpenID Connect UserInfo](https://openid.net/specs/openid-connect-core-1_0.html#userinfo) ... - [Base64 URL Encoding](base64-url-encoding-2.md): Documentation for Base64 URL encoding and decoding utilities in Duende IdentityModel, used for JWT token serialization - [Protocol and Claim Type Constants](protocol-and-claim-type-constants-2.md): Explore constant string classes provided by IdentityModel for OAuth 2.0, OpenID Connect protocol values, and JWT clai... - [Epoch Time Conversion](epoch-time-conversion-2.md): Learn about converting between DateTime and Unix/Epoch time formats in Duende IdentityModel for JWT tokens - [Creating Authorize and EndSession URLs](creating-authorize-and-endsession-urls-2.md): Helper utilities for creating OAuth 2.0/OpenID Connect authorization and end session URLs with query parameters - [Time-Constant String Comparison](time-constant-string-comparison-2.md): Learn about implementing secure string comparison to prevent timing attacks in security-sensitive contexts using Time... - [Fluent X.509 Certificate Store API](fluent-x509-certificate-store-api-2.md): Provides a simplified, fluent API for accessing and managing X.509 certificates in a certificate store. - [Duende IdentityServer](duende-identityserver-2.md): Overview of Duende IdentityServer framework for OpenID Connect and OAuth 2.x protocols, covering extensibility, secur... - [Protecting APIs](protecting-apis-2.md): Learn how to secure and protect your APIs using Duende IdentityServer's token-based authentication and authorization - [Authorization based on Scopes and Claims](authorization-based-on-scopes-and-claims-2.md): Guide for implementing authorization using scope claims and ASP.NET Core authorization policies with IdentityServer a... - [Validating Proof-of-Possession](validating-proof-of-possession-2.md): Guide for validating Proof-of-Possession (PoP) access tokens in ASP.NET Core using mTLS or DPoP mechanisms - [Using JSON Web Tokens (JWTs)](using-json-web-tokens-jwts-2.md): Guide for validating JWT bearer tokens in ASP.NET Core applications using the JWT authentication handler - [Reference Tokens](reference-tokens-2.md): Guide for implementing reference token validation in ASP.NET Core APIs using OAuth 2.0 token introspection - [ASP.NET Identity Integration](aspnet-identity-integration-2.md): Guide to integrating ASP.NET Identity with IdentityServer for user management, including setup instructions and confi... - [Authentication Schemes and Cookies](authentication-schemes-and-cookies.md): Understanding the authentication schemes and cookies used by Duende IdentityServer, especially when integrated with A... - [Configuration API](configuration-api-2.md): Documentation for the Configuration API endpoints that enable management and configuration of IdentityServer implemen... - [Dynamic Client Registration (DCR)](dynamic-client-registration-dcr-2.md): Learn how to configure and use Dynamic Client Registration (DCR) to automatically register OAuth clients with Identit... - [Data Stores and Persistence](data-stores-and-persistence-2.md): Overview of IdentityServer data stores types, including configuration and operational data, and their implementation ... - [Configuration Data](configuration-data-2.md): Documentation about configuration data models and stores in Duende IdentityServer, including client, resource, and id... - [Entity Framework Core Integration](entity-framework-core-integration-2.md): Documentation for using Entity Framework with IdentityServer to store configuration and operational data in any EF-su... - [Operational Data](operational-data-2.md): Documentation for managing dynamic operational data in IdentityServer including grants, keys, and server-side sessions - [IdentityServer Deployment](identityserver-deployment-2.md): Comprehensive guide covering key aspects of deploying IdentityServer including proxy configuration, data protection, ... - [Federal Information Processing Standard (FIPS) compliance](federal-information-processing-standard-fips-compliance-2.md): Explains Duende IdentityServer Federal Information Processing Standard (FIPS) compliance. - [Diagnostics](diagnostics-2-2.md): Overview of IdentityServer's diagnostic capabilities including logging, OpenTelemetry integration, and event system f... - [Diagnostics Data](diagnostics-data-2.md): Added in 7.3 - [Events](events-2.md): Documentation about IdentityServer's event system for structured logging and monitoring of important operations - [Logging](logging-2.md): Documentation for logging configuration and usage in Duende IdentityServer, including log levels and Serilog setup - [OpenTelemetry](opentelemetry-2.md): Documentation for OpenTelemetry integration in IdentityServer, covering metrics, traces and logs collection for monit... - [Claims](claims-2.md): Learn about how IdentityServer emits and manages claims for users and clients, including claim emission strategies an... - [Clients](clients-2.md): Learn about configuring and managing client applications that can request tokens from IdentityServer - [Hosting](hosting-2.md): Learn how to host and configure Duende IdentityServer in ASP.NET Core applications by adding services and middleware ... - [Key Management](key-management-2.md): Learn how to manage cryptographic keys for token signing in IdentityServer using automatic or static key management - [ASP.NET Core OpenID Connect Handler Events](aspnet-core-openid-connect-handler-events-2.md): ASP.NET Core's OpenID Connect handler events, what they are, and why you might want to use them. - [Resources](resources-2.md): Overview of resource types in Duende IdentityServer including API resources, identity resources, API scopes, and reso... - [API Resources](api-resources-2.md): Learn how API Resources in Duende IdentityServer help organize and group scopes, manage token claims, and control acc... - [API Scopes](api-scopes-2.md): Learn about API scopes in IdentityServer, how to define and use them for access control, and how they work with OAuth... - [Identity Resources](identity-resources-2.md): Learn about identity resources in Duende IdentityServer - named groups of claims about users that can be requested us... - [Resource Isolation](resource-isolation-2.md): Learn about isolating OAuth resources and using the resource parameter to control access token scope and audience - [Users and Logging In](users-and-logging-in-2.md): Overview of user management, authentication workflows, and UI customization options in Duende IdentityServer - [The Big Picture](the-big-picture-2.md): An overview of modern application architecture patterns and how OpenID Connect and OAuth 2.0 protocols implemented by... - [Packaging and Builds](packaging-and-builds-2.md): A guide to Duende IdentityServer packages, templates, UI components, and source code accessibility - [More Reading Resources](more-reading-resources-2.md): Collection of learning resources including demo server access, OAuth fundamentals, and ASP.NET security guides - [Supported Specifications](supported-specifications-2.md): A comprehensive list of supported OpenID Connect and OAuth 2.x specifications implemented in Duende IdentityServer - [Terminology](terminology-2.md): Learn about the key terms and concepts used in IdentityServer, including clients, resources, tokens, and user authent... - [IdentityServer Quickstarts](identityserver-quickstarts-2.md): Step-by-step tutorials for implementing common Duende IdentityServer scenarios, from basic setup to advanced features. - [Protecting An API With Client Credentials](protecting-an-api-with-client-credentials-2.md): Learn how to set up IdentityServer to protect an API using client credentials, implementing server-to-server authenti... - [Interactive Applications With ASP.NET Core](interactive-applications-with-aspnet-core-2.md): Learn how to add interactive user authentication to an ASP.NET Core application using OpenID Connect and IdentityServ... - [ASP.NET Core And API access](aspnet-core-and-api-access-2.md): Learn how to combine user authentication with API access by requesting both identity and API scopes during the OpenID... - [Token Management](token-management-3-2.md): Learn how to manage access tokens in interactive applications, including requesting refresh tokens, caching, and auto... - [Entity Framework Core: Configuration & Operational Data](entity-framework-core-configuration-operational-data-2.md): Learn how to configure IdentityServer to use Entity Framework Core for storing configuration and operational data in ... - [ASP.NET Core Identity](aspnet-core-identity-2.md): Learn how to integrate ASP.NET Core Identity with IdentityServer to manage user authentication and storage using Enti... - [Building Blazor WASM Client Applications](building-blazor-wasm-client-applications-2.md): Learn how to build secure Blazor WebAssembly applications using the Duende BFF security framework and integrate them ... - [Building Browser-Based Client Applications](building-browser-based-client-applications-2.md): Overview of browser-based client application patterns and security considerations when implementing JavaScript client... - [Browser-Based Applications With A BFF](browser-based-applications-with-a-bff-2.md): Guide to building secure browser-based JavaScript applications using the Backend For Frontend (BFF) pattern with Duen... - [JavaScript Applications Without A Backend](javascript-applications-without-a-backend-2.md): Learn how to build a client-side JavaScript application that interacts directly with IdentityServer for authenticatio... - [Models](models-2.md): Reference documentation for the models and interfaces used in Dynamic Client Registration (DCR), including request/re... - [Options](options-2.md): Reference documentation for the IdentityServer configuration options related to dynamic client registration and secre... - [Request Processing](request-processing-2.md): Understand how dynamic client registration requests are processed, including client ID and secret generation, through... - [Response Generation](response-generation-2.md): Reference documentation for dynamic client registration response generation, including interfaces and implementations... - [Store](store-2.md): Reference documentation for the Dynamic Client Registration (DCR) store interfaces and implementations used to manage... - [Validation](validation-2.md): Reference documentation for Dynamic Client Registration (DCR) validation process, including validation steps, interfa... - [Dependency Injection Extension Methods](dependency-injection-extension-methods-2.md): A comprehensive guide to IdentityServer's dependency injection extension methods for configuring services, stores, ca... - [Entity Framework Core Options](entity-framework-core-options-2.md): Configuration options available when using Entity Framework Core as the storage implementation for IdentityServer. - [Configuration Options](configuration-options-2-2.md): Configuration options available when using Entity Framework Core as the configuration store in IdentityServer - [Operational Options](operational-options-2.md): Configure Entity Framework Core operational store options including database schema, pooling settings, and cleanup pa... - [Authorize Endpoint](authorize-endpoint-2.md): Documentation for the authorize endpoint which handles browser-based token and authorization code requests, including... - [Backchannel Authentication Endpoint](backchannel-authentication-endpoint-2.md): Documentation for the CIBA endpoint which allows clients to initiate backchannel authentication requests for users wi... - [Device Authorization Endpoint](device-authorization-endpoint-2-2.md): Documentation for the device authorization endpoint which handles device flow authentication requests and issues devi... - [Discovery Endpoint](discovery-endpoint-2-2.md): Learn about the discovery endpoint that provides metadata about your IdentityServer configuration, including issuer n... - [End Session Endpoint](end-session-endpoint-2.md): The end session endpoint enables single sign-out functionality in OpenID Connect, allowing users to terminate their s... - [Introspection Endpoint](introspection-endpoint-2.md): Documentation for the RFC 7662 compliant introspection endpoint used to validate reference tokens, JWTs, and refresh ... - [OAuth Metadata Endpoint](oauth-metadata-endpoint-2.md): Learn about the OAuth metadata endpoint that provides information about your IdentityServer configuration, including ... - [Revocation Endpoint](revocation-endpoint-2.md): Learn about the revocation endpoint that allows invalidating access and refresh tokens according to RFC 7009 specific... - [Token Endpoint](token-endpoint-2-2.md): Documentation for the token endpoint that enables programmatic token requests using various grant types and parameter... - [UserInfo Endpoint](userinfo-endpoint-2-2.md): Reference documentation for the UserInfo endpoint, which allows retrieval of authenticated user claims using a valid ... - [API Resource](api-resource-2.md): Reference documentation for the ApiResource class which models an API in Duende IdentityServer, including its propert... - [API Scope](api-scope-2.md): Reference documentation for the ApiScope class which models an OAuth scope in Duende IdentityServer, including its pr... - [Backchannel User Login Request](backchannel-user-login-request-2.md): Reference documentation for the BackchannelUserLoginRequest class which models the information needed to initiate a u... - [Client](client-2.md): Reference documentation for the Client class which models an OpenID Connect or OAuth 2.0 client in Duende IdentitySer... - [Grant Validation Result](grant-validation-result-2.md): Reference documentation for the GrantValidationResult class which models the outcome of grant validation for extensio... - [Identity Resource](identity-resource-2.md): Reference documentation for the IdentityResource class which models an identity resource in Duende IdentityServer, in... - [Identity Provider](identity-provider-2.md): Reference documentation for identity provider models in Duende IdentityServer, including OidcProvider for external Op... - [License Usage Summary](license-usage-summary-2.md): Reference documentation for the LicenseUsageSummary class which provides detailed information about clients, issuers,... - [Secrets](secrets-2.md): Reference documentation for secret handling in Duende IdentityServer, including the ISecretParser interface for extra... - [IdentityServer Options](identityserver-options-2.md): Documentation of all configuration options in Duende IdentityServer, including settings for key management, endpoints... - [Response Generators](response-generators-2.md): An overview of IdentityServer's response generation pattern and customization options for protocol endpoint responses. - [Authorize Interaction Response Generator](authorize-interaction-response-generator-2.md): Documentation for the IAuthorizeInteractionResponseGenerator interface which determines if a user must log in or cons... - [IHttpResponseWriter](ihttpresponsewriter-2.md): Documentation for the IHttpResponseWriter interface, a low-level abstraction for customizing serialization, encoding,... - [Token Response Generator](token-response-generator-2.md): Documentation for the ITokenResponseGenerator interface and its implementation, which generates responses to valid to... - [Backchannel Authentication Interaction Service](backchannel-authentication-interaction-service-2.md): Documentation for the IBackchannelAuthenticationInteractionService interface which provides services for accessing an... - [Backchannel Authentication User Notification Service](backchannel-authentication-user-notification-service-2.md): Documentation for the IBackchannelAuthenticationUserNotificationService interface which is used to notify users when ... - [Device Flow Interaction Service](device-flow-interaction-service-2.md): Documentation for the IDeviceFlowInteractionService interface which provides services for user interfaces to communic... - [IdentityServer Interaction Service](identityserver-interaction-service-2.md): Documentation for the IIdentityServerInteractionService interface which provides services for user interfaces to comm... - [Persisted Grant Service](persisted-grant-service-2.md): Documentation for the IPersistedGrantService interface which provides access to a user's grants for managing consent ... - [Profile Service](profile-service-2.md): Documentation for the IProfileService interface which encapsulates retrieval of user claims and determines if users a... - [Refresh Token Service](refresh-token-service-2.md): Documentation for the IRefreshTokenService interface which handles validation, creation, and updating of refresh toke... - [Session Management Service](session-management-service-2.md): Documentation for the ISessionManagementService interface which provides administrative features to query and termina... - [Token Creation Service](token-creation-service-2.md): Documentation for the ITokenCreationService interface which is responsible for creating security tokens by converting... - [User Session Service](user-session-service-2.md): Documentation for the IUserSession interface which manages user sessions and tracks participating client applications... - [Stores](stores-2.md): An overview of IdentityServer's persistence layer abstractions that manage configuration and operational data for aut... - [Backchannel Authentication Request Store](backchannel-authentication-request-store-2.md): Documentation for the IBackChannelAuthenticationRequestStore interface which is used to store and manage backchannel ... - [Client Store](client-store-2.md): Documentation for the IClientStore interface which is used to dynamically load client configuration by client ID. - [CORS Policy Service](cors-policy-service-2.md): Documentation for the ICorsPolicyService interface which determines if CORS requests from specific origins are allowe... - [Device Flow Store](device-flow-store-2.md): Documentation for the IDeviceFlowStore interface which manages storage of authorization grants for the device flow au... - [Identity Provider Store](identity-provider-store-2.md): Documentation for the IIdentityProviderStore interface which dynamically loads identity provider configurations for e... - [Persisted Grant Store](persisted-grant-store-2.md): Documentation for the IPersistedGrantStore interface which manages storage and retrieval of authorization grants such... - [Pushed Authorization Request Store](pushed-authorization-request-store-2.md): Interface for managing pushed authorization requests storage in OAuth PAR flow. - [Resource Store](resource-store-2.md): Documentation for the IResourceStore interface which dynamically loads identity resources, API scopes, and API resour... - [Server-Side Session Store](server-side-session-store-2.md): Documentation for the IServerSideSessionStore interface and related models for managing server-side user authenticati... - [Signing Key Store](signing-key-store-2.md): Documentation for the ISigningKeyStore interface which manages the storage, retrieval, and deletion of cryptographic ... - [Backchannel Authentication User Validator](backchannel-authentication-user-validator-2.md): Documentation for the IBackchannelAuthenticationUserValidator interface which is used to validate request hints and i... - [Custom Authorize Request Validator](custom-authorize-request-validator-2.md): Documentation for the ICustomAuthorizeRequestValidator interface which allows inserting custom validation logic into ... - [Custom Token Request Validator](custom-token-request-validator-2.md): Documentation for the ICustomTokenRequestValidator interface which allows inserting custom validation logic into toke... - [DPoP Proof Validator](dpop-proof-validator-2.md): Documentation for the IDPoPProofValidator interface which validates Demonstrating Proof of Possession (DPoP) tokens t... - [Extension Grant Validator](extension-grant-validator-2.md): Documentation for the IExtensionGrantValidator interface which enables custom OAuth grant types by handling validatio... - [Duende IdentityServer Samples](duende-identityserver-samples-2.md): A collection of runnable samples demonstrating various IdentityServer scenarios with source code available in the Git... - [ASP.NET Identity Integration](aspnet-identity-integration-2-2.md): A sample demonstrating how to integrate ASP.NET Identity with Duende IdentityServer using minimal code to create a wo... - [Basics](basics-2.md): A collection of common IdentityServer scenarios including client credentials, JWT-based authentication, reference tok... - [Clients](clients-2-2.md): A collection of client technology samples demonstrating how to connect different platforms like .NET 4.8 WebForms, MV... - [Configuration API](configuration-api-2-2.md): Samples demonstrating the IdentityServer.Configuration API for Dynamic Client Registration (DCR), permissions managem... - [Diagnostics](diagnostics-3.md): Samples demonstrating IdentityServer's diagnostic capabilities with OpenTelemetry integration, including metrics, tra... - [Miscellaneous](miscellaneous-2.md): A collection of specialized IdentityServer samples covering Azure Functions security, mutual TLS with Kestrel, DPoP f... - [Requesting tokens](requesting-tokens-2.md): Samples demonstrating token-related features in IdentityServer, including extension grants for Token Exchange impleme... - [User Interaction](user-interaction-2.md): Samples demonstrating customization of IdentityServer's interactive pages, including custom profile services, step-up... - [Requesting Tokens](requesting-tokens-2-2.md): An overview of token types in Duende IdentityServer, including identity tokens, access tokens, and refresh tokens, al... - [Client Authentication](client-authentication-2.md): A comprehensive guide to client authentication methods in Duende IdentityServer, including shared secrets, private ke... - [Calling Endpoints from JavaScript](calling-endpoints-from-javascript-2.md): In JavaScript-based clients, some endpoints like the token endpoint (but also discovery) will be accessed via Ajax ca... - [Dynamic Request Validation and Customization](dynamic-request-validation-and-customization-2.md): A guide to implementing the ICustomTokenRequestValidator interface to extend the token request pipeline with addition... - [Extension Grants](extension-grants-2.md): A guide to implementing OAuth extension grants in IdentityServer for non-standard token issuance scenarios, with a fo... - [FAPI 2.0](fapi-20-2.md): Overview of the FAPI 2.0 implementation in Duende IdentityServer 7.3+ - [Issuing Internal Tokens](issuing-internal-tokens-2.md): A guide to using the IIdentityServerTools interface for creating JWT tokens internally within IdentityServer's extens... - [Signed Authorize Requests](signed-authorize-requests-2.md): JWT Secured Authorization Request (JAR) is a security enhancement that allows authorization parameters to be packaged... - [Pushed Authorization Requests](pushed-authorization-requests-2.md): Pushed Authorization Requests (PAR) in IdentityServer, an OAuth standard that enhances security by moving authorizati... - [Issuing Tokens Based On User Passwords](issuing-tokens-based-on-user-passwords-2.md): A guide to implementing the deprecated password grant type in IdentityServer for legacy applications, covering token ... - [Proof-of-Possession Access Tokens](proof-of-possession-access-tokens-2.md): Documentation for Proof-of-Possession (PoP) tokens, which enhance security by cryptographically binding tokens to cli... - [Reference Tokens](reference-tokens-2-2.md): Documentation about reference tokens in Duende IdentityServer, including how they are stored, accessed, and configure... - [Refreshing a Token](refreshing-a-token-2.md): Documentation for refresh token management in IdentityServer, including requesting, using and securing refresh tokens... - [Requesting a Token](requesting-a-token-2.md): Guide explaining how to request tokens for both machine-to-machine communication and interactive applications, includ... - [Duende IdentityServer Troubleshooting](duende-identityserver-troubleshooting-2.md): When troubleshooting an IdentityServer setup we have some tips and tricks to share. These are both ways to get more i... - [Export HAR Files for Analyzing Client-Side Interactions](export-har-files-for-analyzing-client-side-interactions.md): Documentation for creating HAR files, and how they can be used for client-side diagnostics. - [User Interaction](user-interaction-2-2.md): Overview of IdentityServer's user interaction architecture, explaining how the UI is separated from the core engine t... - [IdentityServer Admin UI](identityserver-admin-ui-2.md): Documentation for implementing an administrative UI for IdentityServer. - [Client Initiated Backchannel Authentication (CIBA)](client-initiated-backchannel-authentication-ciba-2.md): Documentation for implementing CIBA in IdentityServer, a workflow that allows users to authenticate on a trusted devi... - [Consent](consent-2.md): Documentation for implementing the consent page in IdentityServer, which allows users to grant client applications pe... - [Custom Pages](custom-pages-2.md): Guide for implementing custom pages in IdentityServer beyond standard authentication pages, including integration wit... - [Error](error-2.md): Documentation for implementing the error page in IdentityServer, which displays information to users when errors occu... - [Federation Gateway](federation-gateway-2.md): Guide to implementing federation in IdentityServer, allowing it to act as a gateway that offers multiple external aut... - [Getting Started](getting-started-2-2.md): Guide to implementing the login page in IdentityServer, which establishes user authentication sessions and can be con... - [Login Context](login-context-2.md): Guide to accessing and using authorization request parameters from the returnUrl to customize the login workflow in I... - [Dynamic Providers](dynamic-providers-2.md): Documentation for IdentityServer's Dynamic Identity Providers feature, which enables configuring external authenticat... - [Integrating with External Providers](integrating-with-external-providers-2.md): Guide to integrating external identity providers with IdentityServer, including registration of authentication handle... - [Accepting Local Credentials](accepting-local-credentials-2.md): Guide to implementing a local login page in IdentityServer that validates username/password credentials, issues authe... - [Multi Factor Authentication](multi-factor-authentication-2.md): Overview of multi-factor authentication (MFA) implementation options in IdentityServer, including using ASP.NET Core ... - [Redirecting Back To The Client](redirecting-back-to-the-client-2.md): Guide to safely redirecting users back to client applications after login in IdentityServer, using the returnUrl para... - [Authentication Session](authentication-session-2.md): Guide to establishing and configuring authentication sessions in IdentityServer using ASP.NET Core's cookie authentic... - [Windows Authentication](windows-authentication-2.md): Guide to implementing Windows authentication in IdentityServer using various approaches including IIS hosting, HTTP.S... - [Getting Started](getting-started-3-2.md): Guide to implementing the logout page in IdentityServer, which terminates user authentication sessions and handles se... - [Returning to the Client](returning-to-the-client-2.md): Guide to properly redirecting users back to client applications after logout in IdentityServer, ensuring front-channe... - [External Logout](external-logout-2.md): Guide to implementing logout from external identity providers in IdentityServer, including detecting provider usage, ... - [External Logout Notification](external-logout-notification-2.md): Documentation on federated sign-out in IdentityServer, explaining how external identity provider logout notifications... - [Logout Context](logout-context-2.md): Guide to accessing and using the LogoutRequest context in IdentityServer, which provides essential information for im... - [Client Notifications](client-notifications-2.md): Comprehensive guide to client notification mechanisms in IdentityServer, covering front-channel, back-channel, and Ja... - [Session Cleanup and Logout](session-cleanup-and-logout-2.md): Guide to correctly ending a session in IdentityServer, including removing authentication cookies, handling external l... - [Client Application Portal](client-application-portal-2.md): Documentation for creating a client application portal within IdentityServer that provides links to applications conf... - [Overview](overview-2.md): An introduction to IdentityServer's server-side sessions feature, which stores authentication state on the server rat... - [Inactivity Timeout](inactivity-timeout-2.md): A guide to implementing system-wide inactivity timeout in IdentityServer using server-side sessions to coordinate use... - [Session Expiration](session-expiration-2.md): Documentation on IdentityServer's session expiration feature, which automatically cleans up expired server-side sessi... - [Session Management](session-management-2-2.md): Documentation on using the ISessionManagementService to query and terminate user sessions in IdentityServer, includin... - [Upgrading IdentityServer](upgrading-identityserver-2.md): Guide for upgrading between IdentityServer versions, including instructions for database migrations, breaking changes... - [IdentityServer4 to Duende IdentityServer v7.4](identityserver4-to-duende-identityserver-v74.md): This upgrade guide covers upgrading from IdentityServer4 to Duende IdentityServer v7.4. IdentityServer4 reached its e... - [IdentityServer4 to Duende IdentityServer - Migration Analysis Tool](identityserver4-to-duende-identityserver-migration-analysis-tool.md): To help assist in planning the [migration of an IdentityServer4 implementation to Duende IdentityServer](/identityser... - [IdentityServer4 v3.1 to IdentityServer4 v4.1](identityserver4-v31-to-identityserver4-v41.md): This upgrade guide covers upgrading from IdentityServer4 v3.1.x to IdentityServer4 v4.1.x. - [IdentityServer4 v4.1 to Duende IdentityServer v6](identityserver4-v41-to-duende-identityserver-v6-2.md): This upgrade guide covers upgrading from IdentityServer4 v4.1.x to Duende IdentityServer v6. - [Microsoft SPA and Blazor Templates](microsoft-spa-and-blazor-templates-2.md): A guide for migrating from Microsoft's SPA and Blazor templates to a recommended Duende IdentityServer architecture w... - [Duende IdentityServer v5.0 to v5.1](duende-identityserver-v50-to-v51-2.md): This upgrade guide covers upgrading from Duende IdentityServer v5.0 to v5.1 ([release notes](https://github.com/Duend... - [Duende IdentityServer v5.1 to v5.2](duende-identityserver-v51-to-v52-2.md): This upgrade guide covers upgrading from Duende IdentityServer v5.1 to v5.2 ([release notes](https://github.com/Duend... - [Duende IdentityServer v5.2 to v6.0](duende-identityserver-v52-to-v60-2.md): This upgrade guide covers upgrading from Duende IdentityServer v5.2 to v6.0 ([release notes](https://github.com/Duend... - [Duende IdentityServer v6.0 to v6.1](duende-identityserver-v60-to-v61-2.md): This upgrade guide covers upgrading from Duende IdentityServer v6.0 to v6.1 ([release notes](https://github.com/Duend... - [Duende IdentityServer v6.1 to v6.2](duende-identityserver-v61-to-v62-2.md): This upgrade guide covers upgrading from Duende IdentityServer v6.1 to v6.2 ([release notes](https://github.com/Duend... - [Duende IdentityServer v6.2 to v6.3](duende-identityserver-v62-to-v63-2.md): This upgrade guide covers upgrading from Duende IdentityServer v6.2 to v6.3 ([release notes](https://github.com/Duend... - [Duende IdentityServer v6.3 to v7.0](duende-identityserver-v63-to-v70-2.md): IdentityServer v7.0 includes support for .NET 8, pushed authorization requests, OpenTelemetry metrics, cleanup job im... - [Duende IdentityServer v7.0 to v7.1](duende-identityserver-v70-to-v71-2.md): IdentityServer v7.1 includes support for .NET 9 and many other smaller fixes and enhancements. Please see our [releas... - [Duende IdentityServer v7.1 to v7.2](duende-identityserver-v71-to-v72-2.md): This upgrade guide covers upgrading from Duende IdentityServer v7.1 to v7.2 ([release notes](https://github.com/Duend... - [Duende IdentityServer v7.2 to v7.3](duende-identityserver-v72-to-v73-2.md): This upgrade guide covers upgrading from Duende IdentityServer v7.2 to v7.3 ([release notes](https://github.com/Duend... - [Duende IdentityServer v7.3 to v7.4](duende-identityserver-v73-to-v74-2.md): This upgrade guide covers upgrading from Duende IdentityServer v7.3 to v7.4 ([release notes](https://github.com/Duend... - [Duende Introspection Authentication Handler](duende-introspection-authentication-handler-2.md): An ASP.NET Core authentication handler for OAuth 2.0 token introspection. - [Configuring OAuth 2.0 Token Introspection](configuring-oauth-20-token-introspection-2.md): Learn more about the various options when adding the ASP.NET Core authentication handler for OAuth 2.0 token introspe... - [Quick links](quick-links-2.md): A collection of frequently accessed links for Duende documentation, licensing, and community resources.