Joe DeCock's Blog

Hi, I’m Joe.

I’m a security architect, software developer, and trainer. I help build Duende.IdentityServer, speak at conferences about security and identity, and train other developers about OAuth and OpenId Connect.

In my work with Duende, I’ve had the opportunity to implement Pushed Authorization Requests (RFC 9126) and Dynamic Client Registration (RFC 7591) in IdentityServer, add DPoP (RFC 9449) support to Duende.BFF, and learned a ton from Brock and Dominick (thanks guys!)

Open Source

I’m also a maintainer for a number of open source libraries, including


I guess I’m still on Twitter because network effects are hard to overcome, but … yeah. Follow me, I guess, @jmdc.

You can also contact me at