Let me guess how this goes. You build a login page. You wire up registration. You hash passwords, set up MFA, ship it, and move on to the features that actually make your product interesting. Then, three months later, someone from legal walks over (or pings you on Slack, because nobody walks anywhere anymore) and asks: "Can you show me an audit trail of every admin action on ...

Protocols don't die; they accumulate gravity. Every integration, every compliance mandate, every federated trust relationship adds mass. SAML has been accumulating gravity for over twenty years, anchoring identity federation across enterprises, governments, universities, and healthcare systems worldwide. Dismissing it as "legacy" is a misreading of how protocol ecosystems act...

Back in early 2020, Dominick Baier, one of Duende’s founders, wrote a provocative post titled "SPAs are dead!?" that sent ripples through the identity community, warning of stricter cookie handling to come. At the time, Safa...

A well-tested codebase is the foundation of confident software delivery. Yet anyone who has written tests for complex scenarios knows the pain: any number of Assert.Equal calls, each one a liability waiting to break when a property name changes or when you add a new field. Finding better ways to assert our software's behavior is an ongoing pursuit for all of us, and that purs...

It's 2 AM, and your cellphone begins to vibrate off the nightstand. It's your CEO. Picking up, while still in a daze, they frantically speak the words, "The business is down! We need your help." It's not a database issue, or a DNS issue; it's much worse: it's an identity issue. Every microservice that depends on token validation is failing. Your API gateway can't verify JWTs....