Merge pull request #218 from DuendeSoftware/joe/readme

Add README files

Author: josephdecock

README.md

@@ -1,3 +1,37 @@
-# Securing SPAs and Blazor WASM applications once and for all
 
-see [here](https://docs.duendesoftware.com/identityserver/v7/bff/) for documentation.
+# Backend for Frontend (BFF) Security Framework 
+_Securing SPAs and Blazor WASM applications once and for all._
+
+Welcome to the official GitHub repository for the [Duende](https://duendesoftware.com) Backend for Frontend (BFF) Security Framework!
+
+## Overview
+Duende.BFF is a framework for building services that solve security and identity problems in browser based applications such as SPAs and Blazor WASM applications. It is used to create a backend host that is paired with a frontend application. This backend is called the Backend For Frontend (BFF) host, and is responsible for all of the OAuth and OIDC protocol interactions. Moving the protocol handling out of JavaScript provides important security benefits and works around changes in browser privacy rules that increasingly disrupt OAuth and OIDC protocol flows in browser based applications. The Duende.BFF library makes it easy to build and secure BFF hosts by providing [session and token management](https://docs.duendesoftware.com/identityserver/v7/bff/session/), [API endpoint protection](https://docs.duendesoftware.com/identityserver/v7/bff/apis/), and [logout notifications](https://docs.duendesoftware.com/identityserver/v7/bff/session/management/back-channel-logout/).
+
+## Extensibility
+Duende.BFF can be extended with:
+- custom logic at the session management endpoints
+- custom logic and configuration for HTTP forwarding to external API endpoints
+- custom data storage for server-side sessions and access/refresh tokens
+
+## Advanced Security Features
+Duende.BFF supports a wide range of security scenarios for modern applications:
+- Mutual TLS
+- Proof-of-Possession
+- JWT secured authorization requests
+- JWT-based client authentication. 
+
+## Getting Started
+If you're ready to dive into development, check out our [Quickstart Tutorial](https://docs.duendesoftware.com/identityserver/v7/quickstarts/js_clients/js_with_backend/) for step-by-step guidance.
+
+For more in-depth documentation, visit [our documentation portal](https://docs.duendesoftware.com).
+
+## Licensing
+Duende.BFF is source-available, but requires a paid [license](https://duendesoftware.com/products/identityserver) for production use.
+
+- **Development and Testing**: You are free to use and explore the code for development, testing, or personal projects without a license.
+- **Production**: A license is required for production environments. 
+- **Free Community Edition**: A free Community Edition license is available for qualifying companies and non-profit organizations. Learn more [here](https://duendesoftware.com/products/communityedition).
+
+## Reporting Issues and Getting Support
+- For bug reports or feature requests, open an issue on GitHub: [Submit an Issue](https://github.com/DuendeSoftware/Support/issues/new/choose).
+- For security-related concerns, please contact us privately at: **security@duendesoftware.com**.

src/Duende.Bff.EntityFramework/Duende.Bff.EntityFramework.csproj

@@ -7,8 +7,13 @@
 
     <AssemblyName>Duende.BFF.EntityFramework</AssemblyName>
     <Description>Entity Framework Core support for backend for frontend (BFF) host for ASP.NET Core</Description>
+    <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>
 
+  <ItemGroup>
+      <None Include="README.md" Pack="true" PackagePath=""/>
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" />
 

src/Duende.Bff.EntityFramework/README.md

@@ -0,0 +1,26 @@
+
+# Backend for Frontend (BFF) YARP Integration
+_Securing SPAs and Blazor WASM applications once and for all._
+
+## Overview
+Duende.BFF is a framework for building services that solve security and identity problems in browser based applications such as SPAs and Blazor WASM applications. It is used to create a backend host that is paired with a frontend application. This backend is called the Backend For Frontend (BFF) host, and is responsible for all of the OAuth and OIDC protocol interactions. Moving the protocol handling out of JavaScript provides important security benefits and works around changes in browser privacy rules that increasingly disrupt OAuth and OIDC protocol flows in browser based applications. The Duende.BFF library makes it easy to build and secure BFF hosts by providing [session and token management](https://docs.duendesoftware.com/identityserver/v7/bff/session/), [API endpoint protection](https://docs.duendesoftware.com/identityserver/v7/bff/apis/), and [logout notifications](https://docs.duendesoftware.com/identityserver/v7/bff/session/management/back-channel-logout/).
+
+This package provides an implementation of server side sessions for the BFF using Entity Framework.
+
+## Getting Started
+For in-depth documentation, please see [here](https://docs.duendesoftware.com/identityserver/v7/bff/session/server_side_sessions/#using-entity-framework-for-the-server-side-session-store).
+
+## Licensing
+Duende.BFF.EntityFramework is source-available, but requires a paid [license](https://duendesoftware.com/products/identityserver) for production use.
+
+- **Development and Testing**: You are free to use and explore the code for development, testing, or personal projects without a license.
+- **Production**: A license is required for production environments. 
+- **Free Community Edition**: A free Community Edition license is available for qualifying companies and non-profit organizations. Learn more [here](https://duendesoftware.com/products/communityedition).
+
+## Reporting Issues and Getting Support
+- For bug reports or feature requests, open an issue on GitHub: [Submit an Issue](https://github.com/DuendeSoftware/Support/issues/new/choose).
+- For security-related concerns, please contact us privately at: **security@duendesoftware.com**.
+
+## Related Packages
+- [Duende.Bff](https://www.nuget.org/packages/Duende.Bff) - Framework for building browser based applications using the BFF pattern
+- [Duende.Bff.Yarp](https://www.nuget.org/packages/Duende.Bff.Yarp) - BFF integration with YARP (Yet Another Reverse Proxy)

src/Duende.Bff.Yarp/Duende.Bff.Yarp.csproj

@@ -5,11 +5,15 @@
         <GenerateDocumentationFile>true</GenerateDocumentationFile>
         <LangVersion>latest</LangVersion>
         <Nullable>enable</Nullable>
-
         <AssemblyName>Duende.BFF.Yarp</AssemblyName>
         <Description>Backend for frontend (BFF) host for ASP.NET Core (YARP integration)</Description>
+        <PackageReadmeFile>README.md</PackageReadmeFile>
     </PropertyGroup>
 
+    <ItemGroup>
+        <None Include="README.md" Pack="true" PackagePath=""/>
+    </ItemGroup>
+
     <ItemGroup>
         <PackageReference Include="Yarp.ReverseProxy" />
     </ItemGroup>

src/Duende.Bff.Yarp/README.md

@@ -0,0 +1,26 @@
+
+# Backend for Frontend (BFF) YARP Integration
+_Securing SPAs and Blazor WASM applications once and for all._
+
+## Overview
+Duende.BFF is a framework for building services that solve security and identity problems in browser based applications such as SPAs and Blazor WASM applications. It is used to create a backend host that is paired with a frontend application. This backend is called the Backend For Frontend (BFF) host, and is responsible for all of the OAuth and OIDC protocol interactions. Moving the protocol handling out of JavaScript provides important security benefits and works around changes in browser privacy rules that increasingly disrupt OAuth and OIDC protocol flows in browser based applications. The Duende.BFF library makes it easy to build and secure BFF hosts by providing [session and token management](https://docs.duendesoftware.com/identityserver/v7/bff/session/), [API endpoint protection](https://docs.duendesoftware.com/identityserver/v7/bff/apis/), and [logout notifications](https://docs.duendesoftware.com/identityserver/v7/bff/session/management/back-channel-logout/).
+
+This package integrates the BFF with Microsoft's YARP (Yet Another Reverse Proxy). It allows you to proxy requests to external APIs using the full power of YARP, while also applying Duende.BFF's token management and security features.
+
+## Getting Started
+For in-depth documentation, please see the Duende.BFF.Yarp [documentation page](https://docs.duendesoftware.com/identityserver/v7/bff/apis/yarp/).
+
+## Licensing
+Duende.BFF.Yarp is source-available, but requires a paid [license](https://duendesoftware.com/products/identityserver) for production use.
+
+- **Development and Testing**: You are free to use and explore the code for development, testing, or personal projects without a license.
+- **Production**: A license is required for production environments. 
+- **Free Community Edition**: A free Community Edition license is available for qualifying companies and non-profit organizations. Learn more [here](https://duendesoftware.com/products/communityedition).
+
+## Reporting Issues and Getting Support
+- For bug reports or feature requests, open an issue on GitHub: [Submit an Issue](https://github.com/DuendeSoftware/Support/issues/new/choose).
+- For security-related concerns, please contact us privately at: **security@duendesoftware.com**.
+
+## Related Packages
+- [Duende.Bff](https://www.nuget.org/packages/Duende.Bff) - Framework for building browser based applications using the BFF pattern
+- [Duende.Bff.EntityFramework](https://www.nuget.org/packages/Duende.Bff.EntityFramework) - A store for Duende.BFF's server side sessions implemented with Entity Framework

src/Duende.Bff/Duende.Bff.csproj

@@ -5,11 +5,15 @@
         <GenerateDocumentationFile>true</GenerateDocumentationFile>
         <LangVersion>latest</LangVersion>
         <Nullable>enable</Nullable>
-
         <AssemblyName>Duende.BFF</AssemblyName>
         <Description>Backend for frontend (BFF) host for ASP.NET Core</Description>
+        <PackageReadmeFile>README.md</PackageReadmeFile>
     </PropertyGroup>
 
+    <ItemGroup>
+        <None Include="README.md" Pack="true" PackagePath=""/>
+    </ItemGroup>
+
     <ItemGroup>
         <FrameworkReference Include="Microsoft.AspNetCore.App" />
         <PackageReference Include="Duende.AccessTokenManagement.OpenIdConnect" />

src/Duende.Bff/README.md

@@ -0,0 +1,39 @@
+
+# Backend for Frontend (BFF) Security Framework 
+_Securing SPAs and Blazor WASM applications once and for all._
+
+## Overview
+Duende.BFF is a framework for building services that solve security and identity problems in browser based applications such as SPAs and Blazor WASM applications. It is used to create a backend host that is paired with a frontend application. This backend is called the Backend For Frontend (BFF) host, and is responsible for all of the OAuth and OIDC protocol interactions. Moving the protocol handling out of JavaScript provides important security benefits and works around changes in browser privacy rules that increasingly disrupt OAuth and OIDC protocol flows in browser based applications. The Duende.BFF library makes it easy to build and secure BFF hosts by providing [session and token management](https://docs.duendesoftware.com/identityserver/v7/bff/session/), [API endpoint protection](https://docs.duendesoftware.com/identityserver/v7/bff/apis/), and [logout notifications](https://docs.duendesoftware.com/identityserver/v7/bff/session/management/back-channel-logout/).
+
+## Extensibility
+Duende.BFF can be extended with:
+- custom logic at the session management endpoints
+- custom logic and configuration for HTTP forwarding to external API endpoints
+- custom data storage for server-side sessions and access/refresh tokens
+
+## Advanced Security Features
+Duende.BFF supports a wide range of security scenarios for modern applications:
+- Mutual TLS
+- Proof-of-Possession
+- JWT secured authorization requests
+- JWT-based client authentication. 
+
+## Getting Started
+If you're ready to dive into development, check out our [Quickstart Tutorial](https://docs.duendesoftware.com/identityserver/v7/quickstarts/js_clients/js_with_backend/) for step-by-step guidance.
+
+For more in-depth documentation, visit [our documentation portal](https://docs.duendesoftware.com).
+
+## Licensing
+Duende.BFF is source-available, but requires a paid [license](https://duendesoftware.com/products/identityserver) for production use.
+
+- **Development and Testing**: You are free to use and explore the code for development, testing, or personal projects without a license.
+- **Production**: A license is required for production environments. 
+- **Free Community Edition**: A free Community Edition license is available for qualifying companies and non-profit organizations. Learn more [here](https://duendesoftware.com/products/communityedition).
+
+## Reporting Issues and Getting Support
+- For bug reports or feature requests, open an issue on GitHub: [Submit an Issue](https://github.com/DuendeSoftware/Support/issues/new/choose).
+- For security-related concerns, please contact us privately at: **security@duendesoftware.com**.
+
+## Related Packages
+- [Duende.Bff.Yarp](https://www.nuget.org/packages/Duende.Bff.Yarp) - BFF integration with YARP (Yet Another Reverse Proxy)
+- [Duende.Bff.EntityFramework](https://www.nuget.org/packages/Duende.Bff.EntityFramework) - A store for Duende.BFF's server side sessions implemented with Entity Framework