D
Duende IdentityServer
The most flexible OpenID Connect and OAuth 2.x framework for ASP.NET Core
Highly extensible, OpenID Foundation-certified framework for implementing OpenID Connect and OAuth 2.x protocols in ASP.NET Core. Commercial successor to IdentityServer4, offering full control over authentication UI, business logic, and data with self-hosted deployment.
Recursos
✓ OpenID Connect & OAuth 2.x certified
✓ Single Sign-On (SSO) across applications
✓ PKCE support enabled by default
✓ Customizable token issuance and key management
✓ External identity provider federation (SAML, OIDC, social)
✓ Sender-constrained tokens (DPoP, mTLS)
✓ FAPI 2.0 compliance for financial-grade APIs
✓ Pushed Authorization Requests (PAR)
Prós
- + Full control over data and infrastructure (self-hosted)
- + OpenID Foundation certified, standards-compliant
- + Deep customization with modular, extensible architecture
- + Transparent development with source on GitHub
- + Free Community Edition for small companies and nonprofits
Contras
- − Commercial license required for production ($1,500+/year)
- − Per-client pricing model can be expensive at scale
- − Steep learning curve for OAuth/OIDC protocols
- − .NET-only (ASP.NET Core required)
- − Migration from IdentityServer4 requires careful planning