Profile avatar
jmdc.dev
I lead the IdentityServer team for Duende Software.
66 posts 131 followers 161 following
Prolific Poster
Conversation Starter
Posts 35 Comments 12

Duende BFF Security Framework v4 Preview 1 is out! 🎉 This first preview of BFF v4 comes with support for hosting multiple frontends, easier wireup and configuration, OpenTelemetry, and more. Changelog and feedback: github.com/orgs/DuendeS... #security #dotnet #aspnetcore #oidc #react

submitted 3 days ago • 0 comments

submitted 2 days ago • 16 comments

self-issued.info?p=2708

submitted 14 days ago • 0 comments

What are some of the essential moments in the OAuth and OpenID Connect timeline? In this article, we look back at the past 15 years to explore how the IETF and OpenID Foundation have set standards that shaped OAuth and OpenID Connect today. duende.link/q39aegk #dotnet #security #ietf #oidc

submitted 19 days ago • 0 comments

This week's .NET Rocks! features Erwin van der Valk talking about the Backend for Frontend (BFF) pattern and how it can be used to secure browser-based applications. Tune in at duende.link/1950dnr 🎧 #dotnet #bff #security #aspnetcore

submitted 24 days ago • 0 comments

I still dont quite understand the math of a company that posted $25.8B in last quarter's profit then cuts 3% of their workforce maybe thats why I was never cut out for management

submitted 25 days ago • 6 comments

Ugh, I literally can't figure out how to end my foxit subscription. You were a fine tool foxit, but I am not an independent consultant anymore and I don't need you right now. But please don't do this dark pattern of making it impossible to unsubscribe!

submitted 31 days ago • 0 comments

No. Go fuck yourselves.

submitted 32 days ago • 3 comments

My name is Ozymandias, King of Kings. Look on my works, ye mighty, and despair!

submitted 36 days ago • 0 comments

submitted 42 days ago • 1 comment

Secure machine-to-machine communication? In this video, Roland walks you through the #oauth2 Client Credentials flow. It's relatively straightforward, and a great way to get introduced to OAuth. 📺 youtu.be/_ncPlNlcavo #oauth2 #identityserver #accesstoken #dotnet #security

submitted 45 days ago • 0 comments

Man, fuck this guy for spreading harmful stereotypes. As a counterpoint, one of the largest companies in the world thinks otherwise: www.microsoft.com/en-us/divers...

submitted 52 days ago • 0 comments

Proud of Duende. More companies should do that.

submitted 53 days ago • 0 comments

Oof

submitted 53 days ago • 0 comments

Kicking off our Open Source Sponsorship program this quarter, where our developers picked a project we'll sponsor for 12 months: 🙌 Shouldly Assertion Framework We're using it ourselves, and here's why you may want to: duende.link/w4whryh #dotnet #testing

submitted 54 days ago • 0 comments

Reason 477,632 why for-profit businesses should not be involved in Healthcare.

submitted 56 days ago • 0 comments

1. LLM-generated code tries to run code from online software packages. Which is normal but 2. The packages don’t exist. Which would normally cause an error but 3. Nefarious people have made malware under the package names that LLMs make up most often. So 4. Now the LLM code points to malware.

submitted 56 days ago • 116 comments

Fresh Duende.AccessTokenManagement release candidate! 🔑 Named keys for IDistributedCache injection 💸 HybridCache (preview) 📊 Open Telemetry metrics, logs and traces 🏕️ Externalized cache key generation 🎉 and more! github.com/DuendeSoftwa... #dotnet #oidc #security

submitted 59 days ago • 0 comments

Secure your #VueJS apps with OpenID Connect & the BFF pattern! 🔒 We’ll look at the basic architecture of a BFF solution, the responsibilities of each component, and how it all fits together. duende.link/eshdrq4 #Security #OAuth2 #OpenIDConnect #dotnet

submitted 60 days ago • 0 comments

The Fourth Circuit is famously succinct. storage.courtlistener.com/recap/gov.us...

submitted 62 days ago • 313 comments

So anyway, Pesach begins this Saturday.

submitted 60 days ago • 0 comments

financial advice in a weird time: -- develop a plan -- find friends who support you -- preferably 10 of them -- steal $160 million from the Bellagio, the Mirage, and the MGM Grand -- yes those are Terry Benedict's casinos -- get your wife back -- one of the friends should be Don Cheadle btw simple

submitted 66 days ago • 151 comments

Using antisemitism as an excuse to kidnap people and suppress speech is disgusting.

submitted 68 days ago • 5 comments

github.com/orgs/DuendeS...

submitted 68 days ago • 0 comments

I taught a couple of cybersecurity merit badges to my daughter’s Girl Scouts troop and the parents were amazed that I made it so easy to understand for a bunch of 8 year olds I pointed out that I had years of practice explaining the Internet to senior military officers, so this was a breeze

submitted 72 days ago • 10 comments

A common attack web devs need to guard against is Cross-Site Request Forgery (CSRF). 🦸‍♀️ Anti-Forgery tokens to the rescue! Let's see how they work in more detail 👇 duende.link/wk7e6sg #dotnet #aspnetcore

submitted 75 days ago • 0 comments

New: the Mozilla Foundation is calling on the tech industry to block an ICE contractor's web scrapers. Amazon, Apple, BlueSky, Duolingo, Etsy, Glassdoor, GoFundMe, Google, LinkedIn, Nextdoor, OnlyFans, Reddit, Snapchat, Substack, TikTok, Tinder, Twitch, Twitter, more www.404media.co/mozilla-foun...

submitted 76 days ago • 6 comments

I really didn’t want a future with AI, I wanted a future with an automatic laundry folding robot.

submitted 78 days ago • 0 comments

Fun, far-ranging conversation with Vox about the book and what the aid cuts mean for the future of TB and other diseases of injustice. www.vox.com/future-perfe...

submitted 81 days ago • 9 comments

Good news! We just released Duende Backend-for-Frontend (BFF) Security Framework V3. All the necessary components to secure browser-based frontends (e.g. SPAs or #Blazor applications) with #aspnetcore backends. duende.link/iuq3t4n #dotnet

submitted 83 days ago • 1 comment

While RFC7523bis is being considered by the IETF OAuth working group, I've been working on errata for similar strict audience validation requirements in CIBA (openid.net/specs/openid...). Now today we're releasing IdentityServer 7.2.0 with support for strict audience validation across the board!

submitted 81 days ago • 2 comments

Thread. I'm largely paraphrasing the human rights lawyer @michaelsfard.bsky.social, who is key in this case & many others: A thing that happens a lot in Israel is that settler orgs + the Rabbinate take over properties in East Jerusalem owned by Jews before 1948, to "Judaize" the Palestinian part+

submitted 92 days ago • 4 comments

I've not been this mad about a semicolon in a long time: dotnet format gives different output if your csproj file contains <TargetFrameworks>net9.0</TargetFrameworks> and <TargetFrameworks>net9.0;</TargetFrameworks>

submitted 96 days ago • 0 comments

Welcome to the resistance

submitted 99 days ago • 0 comments

Say hello to Duende BFF Security Framework V3 Release Candidate 1 👋 BFF (Backend-For-Frontend) solves security and development challenges for client-side developers using SPA frameworks like #React, #Angular, VueJs or #Blazor. duende.link/bff3rc1 #dotnet #identity #oauth

submitted 101 days ago • 1 comment