The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core.
Welcome to the official GitHub repository for Duende IdentityServer!
Duende IdentityServer is a highly extensible, standards-compliant framework for implementing the OpenID Connect and OAuth 2.x protocols in ASP.NET Core. It offers deep flexibility for handling authentication, authorization, and token issuance and can be adapted to fit complex custom security scenarios.
- Customizable User Experience: Go beyond simple branding to fully customizable user interfaces.
- Core Engine Customization: The engine itself is modular and built from services that can be extended or overridden.
Duende IdentityServer supports a wide range of security scenarios for modern applications:
- Federation: Easily integrate with external identity providers or other authentication services using ederation.
- Token Exchange: Enable secure token exchange between clients and services with Token Exchange.
- Audience Constrained Tokens: Restrict tokens to specific audiences, increasing security in multi-service architectures. Learn more about audience-constrained tokens.
- Sender Constrained Tokens: Implement Proof of Possession (PoP) tokens with DPoP or mTLS, which bind tokens to the client, adding another layer of protection.
- Pushed Authorization Requests (PAR): Support Pushed Authorization Requests to enhance the security of the authorization flow.
If you're ready to dive into development, check out our Quickstart Tutorial Series for step-by-step guidance.
For more in-depth documentation, visit our documentation portal.
Duende IdentityServer is source-available, but requires a paid license for production use.
- Development and Testing: You are free to use and explore the code for development, testing, or personal projects without a license.
- Production: A license is required for production environments.
- Free Community Edition: A free Community Edition license is available for qualifying companies and non-profit organizations. Learn more here.
- For bug reports or feature requests, open an issue on GitHub: Submit an Issue.
- For security-related concerns, please contact us privately at: security@duendesoftware.com.
