Introducing the next era of Duende IdentityServer.

Read our CEO’s announcement
Start for Free

Introducing Duende.AccessTokenManagement

Two blue circles

Every single OAuth/OIDC project needs a solution for token management in client applications at some point. It first
sounds like a trivial thing, but it is surprisingly hard to get it right.

We have been working on an access token management library for ASP.NET Core on the side for a couple of years now, and
we also used it ourselves in our BFF security framework.

And while re-visiting it recently, we realized it shows its age and needs some substantial work to maintain. That why we
decided that we will take this codebase on as our first Duende sponsored free open source project - *
Duende.AccessTokenManagement*.

D.ATM (as we call it) contains all the features from
the initial project in the IdentityModel organisation and
is licensed under Apache 2. Besides that it has a couple of improvements, e.g.

  • optimized for .NET 6+
  • re-worked all configuration to be more idiomatic and DI friendly
  • re-worked the layering to reduce dependencies in situations where ASP.NET is actually not needed (e.g. in
    demons/workers)
  • better extensibility
  • bug fixes and optimisations for edge cases
  • clean up and (hopefully) better tests

We also worked on documentation - especially with
focus on the two main
scenarios: workers
and web applications (and a
little bit of Blazor Server).

It is currently in preview stage and can be found on
NuGet here
and here, but we are planning to release v1
in the coming weeks. Please give it a try and feel free to get involved. This would help us a lot.

Update

V1 has been released and also tested for .NET 7 compatibility - we also created a short introductory
video here.