Duende.IdentityServer.ConformanceReport 0.1.0-alpha.0.3488

Prefix Reserved
.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher.
This is a prerelease version of Duende.IdentityServer.ConformanceReport. 
dotnet add package Duende.IdentityServer.ConformanceReport --version 0.1.0-alpha.0.3488
                    


                    

                
NuGet\Install-Package Duende.IdentityServer.ConformanceReport -Version 0.1.0-alpha.0.3488
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Duende.IdentityServer.ConformanceReport" Version="0.1.0-alpha.0.3488" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Duende.IdentityServer.ConformanceReport" Version="0.1.0-alpha.0.3488" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Duende.IdentityServer.ConformanceReport" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Duende.IdentityServer.ConformanceReport --version 0.1.0-alpha.0.3488
                    


                    

                
#r "nuget: Duende.IdentityServer.ConformanceReport, 0.1.0-alpha.0.3488"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Duende.IdentityServer.ConformanceReport@0.1.0-alpha.0.3488
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Duende.IdentityServer.ConformanceReport&version=0.1.0-alpha.0.3488&prerelease
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Duende.IdentityServer.ConformanceReport&version=0.1.0-alpha.0.3488&prerelease
                    


                            Install as a Cake Tool

Duende.IdentityServer.ConformanceReport

OAuth 2.1 and FAPI 2.0 Security Profile conformance assessment for Duende IdentityServer.

Overview

Duende.IdentityServer.ConformanceReport adds conformance assessment to your IdentityServer application. It evaluates your server and client configuration against OAuth 2.1 and FAPI 2.0 Security Profile requirements and generates an HTML report accessible via a protected endpoint.

Installation

dotnet add package Duende.IdentityServer.ConformanceReport

Setup

1. Add to your IdentityServer configuration

builder.Services
    .AddIdentityServer()
    .AddInMemoryClients(clients)
    .AddConformanceReport(options =>
    {
        options.Enabled = true;
        options.EnableOAuth21Assessment = true;
        options.EnableFapi2SecurityAssessment = true;

        // Authorization is configured automatically - requires authenticated user by default
        // Customize as needed:
        options.ConfigureAuthorization = policy => policy
            .RequireRole("Administrator")
            .RequireClaim("department", "Compliance");
    });

2. Map the endpoint

app.MapConformanceReport();

3. Access the report

Navigate to: https://your-server/_duende/conformance-report

Configuration Options

Property Type Default Description
Enabled bool false Enable/disable conformance endpoints
EnableOAuth21Assessment bool true Enable OAuth 2.1 profile assessment
EnableFapi2SecurityAssessment bool true Enable FAPI 2.0 Security Profile assessment
PathPrefix string "_duende" Path prefix for conformance endpoints (without leading slash)
ConfigureAuthorization Action<AuthorizationPolicyBuilder>? Requires authenticated user Configure authorization policy for the HTML report endpoint
AuthorizationPolicyName string "ConformanceReport" ASP.NET Core authorization policy name (used internally)
HostCompanyName string? null Optional display name of the host company to include in the report
HostCompanyLogoUrl Uri? null Optional URL of the host company's logo

Authorization Examples

Default (requires authenticated user):

options.Enabled = true;
// ConfigureAuthorization defaults to requiring authenticated user

Require specific role:

options.ConfigureAuthorization = policy => policy.RequireRole("Admin");

Require multiple conditions:

options.ConfigureAuthorization = policy => policy
    .RequireRole("Admin")
    .RequireClaim("department", "IT");

Allow anonymous (for development/testing only):

options.ConfigureAuthorization = policy =>
    policy.RequireAssertion(_ => builder.Environment.IsDevelopment());

Manual policy registration (advanced scenarios):

// In AddConformanceReport:
options.ConfigureAuthorization = null; // Skip automatic registration

// Then manually register the policy:
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("ConformanceReport", policy =>
    {
        policy.Requirements.Add(new MyCustomRequirement());
    });
});

Important: If you set ConfigureAuthorization = null, you must manually register a policy with the name specified in AuthorizationPolicyName (default: "ConformanceReport"). Otherwise, the endpoint will fail at runtime with a "policy not found" error.

Understanding the Report

The HTML report displays:

  • Server Configuration: Matrix showing server-level conformance rules
  • Client Configurations: Matrix showing per-client conformance rules
  • Rule Legend: Explanation of each rule ID
  • Notes: Detailed messages for warnings and failures

Status Indicators

Symbol Meaning
Pass Requirement met
Fail Requirement not met (non-conformant)
Warning Recommended practice not followed
N/A Rule not applicable

Licensing

Duende IdentityServer is source-available, but requires a paid license for production use.

  • Development and Testing: You are free to use and explore the code for development, testing, or personal projects without a license.
  • Production: A license is required for production environments.
  • Free Community Edition: A free Community Edition license is available for qualifying companies and non-profit organizations. Learn more here.

Reporting Issues and Getting Support

  • For bug reports or feature requests, use our developer community forum.
  • For security-related concerns, please contact us privately at: security@duendesoftware.com.
Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.1.0-alpha.0.3488 41 3/2/2026

https://github.com/duendesoftware/products/releases