Brent Schmaltz is a principal software engineer with over two decades at Microsoft and 12 years of focused experience delivering identity and security libraries for .NET, OAuth, OIDC, JWT, SAML and related protocols. He led the development of widely used authentication SDKs—collectively downloaded billions of times and driving ~100K daily installs—and maintains both public and internal libraries that underpin Microsoft and third-party platforms. Deeply steeped in security engineering since the WCF Security days, he pairs rigorous threat-aware design with a knack for performance and simplicity: “layering the arrows should go one way.” An active contributor to AzureAD’s IdentityModel extensions, he added token replay protection and enhanced OpenID Connect session handling to strengthen real-world token validation. Based in Redmond, he brings a rare combination of protocol-level expertise, production-scale library stewardship, and a mathematician’s attention to correctness.
12 years of coding experience
25 years of employment as a software developer
BSC, Mathematics and Computer Science, BSC, Mathematics and Computer Science at University of Victoria
Contributions:18 releases, 1014 reviews, 1032 commits in 9 years 5 months
Contributions summary:Brent's contributions focused on the .NET framework with a focus on improving the IdentityModel extensions for .NET. The user implemented support for token replay. This was primarily achieved by removing claim filtering on JWT claims, adding the ability for the .Net code to parse the state and session state properties, and providing functionality for more robust token validation. The user also added a new class for handling OpenIdConnectSessionState and updated various test suites with these changes.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.