Three open source libraries that handle the hard parts of OAuth, OpenID Connect, and token management in .NET. All so your team ships features instead of rebuilding identity primitives. Permissively licensed. Production-tested. Maintained by the people behind Duende IdentityServer.

Three focused libraries, each solving a specific problem .NET teams hit the moment they integrate with an OAuth or OIDC provider. Use one, use all three. They're independent, and they compose cleanly with ASP.NET Core and with each other.
Helpers and client libraries for OpenID Connect, OAuth, and claims-based identity.
Automatic token management for machine-to-machine and user-centric web app OAuth and OIDC flows.
Libraries for building OpenID Connect native clients - desktop, mobile, and CLI.
Trust us. These libraries are the ones we use, maintain, and stand behind. All built by the same team that builds Duende IdentityServer.
Written and maintained by the team behind Duende IdentityServer. The same engineers who ship the commercial platform review the pull requests, cut the releases, and answer the hard questions.
Apache 2.0. Use them in commercial products. Ship them in closed-source apps. No seat counts, no revenue thresholds, no asterisks.
These libraries have been in production at financial institutions, healthcare platforms, and government systems for years. This isn't experimental code. It's the quiet dependency under a lot of serious .NET identity work.
Each library does one thing. No framework lock-in, no kitchen-sink abstractions. Reference what you need, leave the rest.
Whether you're talking to Duende IdentityServer, Azure AD, Auth0, Okta, Keycloak, or a home-grown provider, IdentityModel gives you the client primitives and Access Token Management gives you the lifecycle.
OIDC Client handles the authorization code + PKCE flow correctly for public clients, so you don't have to re-read RFC 8252 on a deadline.
One set of libraries, one mental model, across every .NET service and client your organization ships.
No. They work with any compliant OAuth 2.0 or OpenID Connect provider. They're designed around the specs, not around a specific product.
Apache 2.0. Commercial use, redistribution, and modification are all permitted. See LICENSE in each repository.
ASP.NET Core includes authentication handlers for OIDC and JWT bearer. These libraries fill the gaps around them with token lifecycle management, native-client flows, and lower-level protocol helpers. They are usable outside ASP.NET Core as well.
Community support is through GitHub Issues and GitHub Discussions. Commercial support is available to Duende IdentityServer customers and covers these libraries as part of the paid offering.
Yes. PRs are welcome. Check CONTRIBUTING.md in each repository for guidelines.
Each library targets currently-supported .NET versions. Check the README in each repository for specifics.
Install the package, wire it in, and get back to the code that actually differentiates your product.