Blogged: Implementing Level of Identification (LoI) with ASP.NET Core Identity and Duende

https://damienbod.com/2026/01/18/implementing-level-of-identification-loi-with-asp-net-core-identity-and-duende/

#aspnetcore #oauth #openid #dotnet #oidc #iam #swiyu #aspire #oss #identity #eid #swiss #bit #gov #loi #loa #blazor #duende

🔧 Keycloak + OpenID (Entra ID) gặp lỗi AADSTS50011: redirect URI không khớp. Cần đồng bộ URI giữa Azure portal và Keycloak: dùng http://localhost:8080/... thay 127.0.0.1 và cập nhật trong “Valid Redirect URIs” của client. Đừng quên chọn “client secret sent in request body” nếu phiên bản cũ không có tùy chọn khác. #Keycloak #OpenID #AzureAD #EntraID #dev #công_nghệ #phát_triển

https://www.reddit.com/r/selfhosted/comments/1qbru4t/how_to_change_redirect_uri_when_using_openid_on/

I've made SurillyaID available to the public! You can now use SurillyaID as an alternative / primary (whatever you want) login system using OIDC or OAuth 2!

Developer Portal: https://developer.surillya.com

Peertube Tutorial: https://video.surillya.com/w/fsbWVJU7E1SgawAj9XG2f2

YouTube tutorial: https://youtu.be/YQVn3aCgqLQ

#developer #php #oidc #openid #surillyaid #login #authorization #developers #webdev #html #website

Blogged: Set the amr claim when using passkeys authentication in ASP.NET Core

https://damienbod.com/2026/01/05/set-the-amr-claim-when-using-passkeys-authentication-in-asp-net-core/

#oauth #openid #openidconnect #iam #security #aspnetcore #dotnet #passkeys #fido2 #mfa

"OAuth 2.0 and the Road to Hell"

For unknown reasons today I though of Eran Hammer-Lahav and OAuth2 and standardization in general.

OAuth2 is still very much alive and yes, mistakes were made. Developers still struggle with signatures and security.

I still want user-centric identity and "Identity in the Browser", and that is how I entered the identity space by writing Firefox addons for #openid.

I hope Eran found fulfilling things to do and wish him happiness.

https://gist.github.com/nckroy/dd2d4dfc86f7d13045ad715377b6a48f#oauth-20-and-the-road-to-hell

Fantastic!
We've done it! 😘

All of our #AWiT services are now connected via #OpenID / #SSO.

From now on, our members can log in to our services via SSO.

Only the fine-tuning of the account portal on Keycloak is missing.

https://d3.awit.at/tools

#OpenSource #Community #Federation

Fantastisch!
Wir haben es geschafft 😘

All unsere #AWiT Services sind nun via #OpenID / #SSO angebunden.

Ab sofort können sich unsere Member auf den entsprechenden Services via #SSO anmelden.

Fehlt nur noch Feintuning des Accountportals auf #keycloak

https://d3.awit.at/tools

#OpenSource #Community #Federation

#Vaultwarden #passwordmanager 1.35 introduces a lot of new fixes and updates as well as #openid support.

#oidc #sso
https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.0

Rechtzeitig vor den Feiertagen geht das SSO online.
In den nächsten Tagen und Wochen folgen unsere Partnerdomains und alle anderen Services.

Es gibt noch viel zu tun.

Die User werden in Kürze freigegeben.

#keycloak #openid #ldap #univention #sso

Blogged: Digital Authentication and Identity validation

https://damienbod.com/2025/12/20/digital-authentication-and-identity-validation/

#oidc #identity #iam #swiyu #eid #oauth #dpop #openid #security #ecollecting #authentication #loa #loi #vc #oauth2 #swiss #ch #cybersecurity

🎉 New Django OAuth2 AuthCodeFlow release version 1.4.1 🎊
Authenticate with any OpenId Connect/Oauth2 provider through authorization code flow.
PKCE is also supported

https://pypi.org/project/django-oauth2-authcodeflow/

📦 https://gitlab.com/snake_coders/django-oauth2-authcodeflow/-/releases/v1.4.1

Feel free to give feedback 💬, open issues 📝 or merge requests 🎁.
📢 Boost appreciated.

https://gitlab.com/snake_coders/django-oauth2-authcodeflow
#djangooauth2authcodeflow #oauth2 #oauth2client #openid #openidconnect #oidc #oidcclient #django

🎉 New Django OAuth2 AuthCodeFlow release version 1.4.0 🎊
Authenticate with any OpenId Connect/Oauth2 provider through authorization code flow.
PKCE is also supported

https://pypi.org/project/django-oauth2-authcodeflow/

📦 https://gitlab.com/snake_coders/django-oauth2-authcodeflow/-/releases/v1.4.0

Feel free to give feedback 💬, open issues 📝 or merge requests 🎁.
📢 Boost appreciated.

https://gitlab.com/snake_coders/django-oauth2-authcodeflow
#djangooauth2authcodeflow #oauth2 #oauth2client #openid #openidconnect #oidc #oidcclient #django

mod_auth_openidc released Version 2.4.19

OpenID Certified™ OpenID Connect and FAPI 2 Relying Party module for #Apache HTTPd

#adminlife #openid #keycloak #security

https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.19

🎉Version 9.3 is now available https://cyberduck.io/changelog/ with improved support to connect with temporary credentials to #S3 obtained with token from #OpenID Connect provider. https://cyberduck.io/changelog/

Use the #AWS #S3 (#Google #OpenID Connect) connection profile to connect to S3 with temporary credentials by configuring as an OpenID Connect (OIDC) Identity Provider in AWS #IAM https://docs.cyberduck.io/tutorials/s3_google_oidc/

Blogged: Implement MFA using swiyu, the Swiss E-ID with Duende IdentityServer, ASP.NET Core Identity and .NET Aspire

https://damienbod.com/2025/11/10/implement-mfa-using-swiyu-the-swiss-e-id-with-duende-identityserver-asp-net-core-identity-and-net-aspire/

#aspnetcore #aspire #dotnet #swiyu #eid #duende #eid #openid #oauth2 #identity #iam #vc #openidvp #DigitalIdentity #TrustInfrastructure #Switzerland #ssi

🎉 Self-Hosted Human and Machine #Identity in #Keycloak 🎉

Our 26.4 release brings great updates with #passkeys and the latest security best practices for #OpenID Connect with #FAPI and DPoP.
Automatically roll out and rotate client credentials with #spiffe, #spire and #Kubernetes service account tokens.

Start your #sovereign journey and read all in our latest #cncf blog post:
https://www.cncf.io/blog/2025/11/07/self-hosted-human-and-machine-identities-in-keycloak-26-4/

Blogged: Use swiyu, the Swiss E-ID to authenticate users with Duende and .NET Aspire

https://damienbod.com/2025/10/27/use-swiyu-the-swiss-e-id-to-authenticate-users-with-duende-and-net-aspire/

#swiyu #eid #identity #duende #aspnetcore #dotnet #aspire #openid #openidconnect #oauth #vdc #iam

In today's hack call, we discussed:

1. Providing LXC and Docker container images.
2. Building new stable images with backports enabled, and smaller image file sizes.
3. Implementing OpenID Connect, and migrating from LDAP to systemd-homed.

Notes: https://wiki.debian.org/FreedomBox/ProgressCalls/2025-10-11

#FreedomBox #Docker #OpenID

**For the benefit of those who are less techy or may not know about the ways we can deal with personal identity data.**

Personal digital ID - a hot topic in the UK atm.

Many people and companies are working on systems to provide secure ways to hold our personal identity info. Some include wider profiles like our job, interests, hobbies etc. Some are OPEN SOURCE and part of a diverse ecosystem of data interoperability (you can use the same data POD (personal online data). Bluesky is active this landscape with their 'ATProto' personal data approach, and the Fediverse with the more versatile 'ActivityPub' user profile. There is also the WWW3 standards Solid project, and other Open Social Protocols (listed on the Solid project wikipedia page linked below).

Of course, just like IT sysadmins who provided website CMS at universities a decade ago, the UK govt thinks it needs walled garden private enterprise to partner with. They will spend probably ten times the money going down that route (just like universities did). This is old fashioned and not what other large national/territorial entities will be doing.

From the Solid wiki page"

>"Solid's central focus is to enable the discovery and sharing of information in a way that preserves privacy. A user stores personal data in "pods" (personal online data stores) hosted wherever the user desires. Applications that are authenticated by Solid are allowed to request data if the user has given the application permission. A user may distribute personal information among several pods; for example, different pods might contain personal profile data, contact information, financial information, health, travel plans, or other information. The user could then join an authenticated social-networking application by giving it permission to access the appropriate information in a specific pod. The user retains complete ownership and control of data in the user's pods: what data each pod contains, where each pod is stored, and which applications have permission to use the data."

These open source systems are robust and based on the idea that only you can own and control your data. Though the data may be held centrally on (for example civic servers or other server companies who provide a Slid POD) it cannot be accessed by them. Im researching into this a lot more in coming days :)

Links to read carefully if youre interested in what I'm talking about.

CAVEAT: Im not a tech expert at this so go easy if you'd like to correct any info here :)

https://en.wikipedia.org/wiki/Solid_(web_decentralization_project)

https://www.cmswire.com/digital-experience/how-to-set-up-solid-pods-a-data-ownership-guide/

https://solidproject.org/get_a_pod

https://www.projectliberty.io/dsnp/

#digitalid #openid #solid #atproto #activitypub #dsnp #academia #academicchatter