diff --git a/IdentityServer/v7/MTLS/Api/Api.csproj b/IdentityServer/v7/MTLS/Api/Api.csproj
index f5dc9b5a..2eab82f7 100644
--- a/IdentityServer/v7/MTLS/Api/Api.csproj
+++ b/IdentityServer/v7/MTLS/Api/Api.csproj
@@ -6,8 +6,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.0" />
-    <PackageReference Include="Serilog.AspNetCore" Version="9.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.1" />
+    <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
   </ItemGroup>
 
 </Project>
diff --git a/IdentityServer/v7/MTLS/ClientCredentials/ClientCredentials.csproj b/IdentityServer/v7/MTLS/ClientCredentials/ClientCredentials.csproj
index 4e068df6..fe063bd5 100644
--- a/IdentityServer/v7/MTLS/ClientCredentials/ClientCredentials.csproj
+++ b/IdentityServer/v7/MTLS/ClientCredentials/ClientCredentials.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Duende.IdentityModel" Version="7.1.0" />
+    <PackageReference Include="Duende.IdentityModel" Version="8.0.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/IdentityServer/v7/MTLS/ClientCredentials/ConsoleExtensions.cs b/IdentityServer/v7/MTLS/ClientCredentials/ConsoleExtensions.cs
index cd5793b2..62fab69d 100644
--- a/IdentityServer/v7/MTLS/ClientCredentials/ConsoleExtensions.cs
+++ b/IdentityServer/v7/MTLS/ClientCredentials/ConsoleExtensions.cs
@@ -1,10 +1,10 @@
 // Copyright (c) Duende Software. All rights reserved.
 // Licensed under the MIT License. See LICENSE in the project root for license information.
 
+using System.Buffers.Text;
 using System.Diagnostics;
 using System.Text;
 using System.Text.Json;
-using Duende.IdentityModel;
 
 namespace Shared;
 
@@ -40,7 +40,7 @@ public static void ShowAccessToken(this string accessToken)
         var header = parts[0];
         var payload = parts[1];
 
-        Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.Decode(header))), new JsonSerializerOptions { WriteIndented = true }));
-        Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.Decode(payload))), new JsonSerializerOptions { WriteIndented = true }));
+        Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(header))), new JsonSerializerOptions { WriteIndented = true }));
+        Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload))), new JsonSerializerOptions { WriteIndented = true }));
     }
 }
diff --git a/IdentityServer/v7/MTLS/ClientCredentials/Program.cs b/IdentityServer/v7/MTLS/ClientCredentials/Program.cs
index e78baf7b..f173267a 100644
--- a/IdentityServer/v7/MTLS/ClientCredentials/Program.cs
+++ b/IdentityServer/v7/MTLS/ClientCredentials/Program.cs
@@ -76,7 +76,7 @@ static SocketsHttpHandler GetHandler()
         var assemblyDir = typeof(Program).Assembly.Location;
         var certPath = Path.GetFullPath(Path.Combine(assemblyDir, "../../../../../localhost-client.p12"));
 
-        var cert = new X509Certificate2(certPath, "changeit");
+        var cert = X509CertificateLoader.LoadPkcs12FromFile(certPath, "changeit");
         handler.SslOptions.ClientCertificates = new X509CertificateCollection { cert };
 
         return handler;
diff --git a/IdentityServer/v7/MTLS/IdentityServerHost/Clients.cs b/IdentityServer/v7/MTLS/IdentityServerHost/Clients.cs
index c4815933..7620facc 100644
--- a/IdentityServer/v7/MTLS/IdentityServerHost/Clients.cs
+++ b/IdentityServer/v7/MTLS/IdentityServerHost/Clients.cs
@@ -10,25 +10,25 @@ namespace IdentityServerHost;
 
 public static class Clients
 {
-    // These ClientCert related helper methods make the demo easy to run, but 
+    // These ClientCert related helper methods make the demo easy to run, but
     // are not suitable for production. The point is client authentication based
-    // on the mTLS certificate needs some way of identifying the certificate 
+    // on the mTLS certificate needs some way of identifying the certificate
     // to use, which can either be the client certificates subject or thumbprint.
     // The thumbprint is more specific: it uniquely identifies a single certificate.
-    // The subject is more flexible: any certificate signed by an authority that 
-    // you trust with the expected subject can be used. This facilitates 
+    // The subject is more flexible: any certificate signed by an authority that
+    // you trust with the expected subject can be used. This facilitates
     // rotation of certificates, but depends on strong public key infrastructure.
     // Depending on how you are distributing client certificates to your clients
     // and your security requirements, either approach can work.
     //
     // In this sample, we are obtaining that information in an unrealistic way.
     // We simply load the certificate file that is also used by the client, and
-    // then take the thumbprint or subject from that. In a real deployment, the 
-    // certificate should be controlled by the client and not be shared in this 
+    // then take the thumbprint or subject from that. In a real deployment, the
+    // certificate should be controlled by the client and not be shared in this
     // way. We are doing this because we don't know the thumbprint or subject of
     // the certificate that mkcert will generate.
     private static X509Certificate2 ClientCert() =>
-        new X509Certificate2("../localhost-client.p12", "changeit");
+        X509CertificateLoader.LoadPkcs12FromFile("../localhost-client.p12", "changeit");
     private static string ClientCertificateThumbprint() => ClientCert().Thumbprint;
     private static string ClientCertificateSubject() => ClientCert().Subject;
 
diff --git a/IdentityServer/v7/MTLS/IdentityServerHost/IdentityServerHost.csproj b/IdentityServer/v7/MTLS/IdentityServerHost/IdentityServerHost.csproj
index eca2569a..c2afba5a 100644
--- a/IdentityServer/v7/MTLS/IdentityServerHost/IdentityServerHost.csproj
+++ b/IdentityServer/v7/MTLS/IdentityServerHost/IdentityServerHost.csproj
@@ -6,9 +6,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Duende.IdentityServer" Version="7.3.2"/>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.0" />
-    <PackageReference Include="Serilog.AspNetCore" Version="9.0.0" />
+    <PackageReference Include="Duende.IdentityServer" Version="7.4.4" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.1" />
+    <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
   </ItemGroup>
 
 </Project>
diff --git a/IdentityServer/v7/MTLS/IdentityServerHost/Pages/Diagnostics/ViewModel.cs b/IdentityServer/v7/MTLS/IdentityServerHost/Pages/Diagnostics/ViewModel.cs
index 292d48f1..8efc0bad 100644
--- a/IdentityServer/v7/MTLS/IdentityServerHost/Pages/Diagnostics/ViewModel.cs
+++ b/IdentityServer/v7/MTLS/IdentityServerHost/Pages/Diagnostics/ViewModel.cs
@@ -2,9 +2,9 @@
 // Licensed under the MIT License. See LICENSE in the project root for license information.
 
 
+using System.Buffers.Text;
 using System.Text;
 using System.Text.Json;
-using Duende.IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 
 namespace IdentityServerHost.Pages.Diagnostics;
@@ -18,7 +18,7 @@ public ViewModel(AuthenticateResult result)
         if (result.Properties.Items.ContainsKey("client_list"))
         {
             var encoded = result.Properties.Items["client_list"];
-            var bytes = Base64Url.Decode(encoded);
+            var bytes = Base64Url.DecodeFromChars(encoded);
             var value = Encoding.UTF8.GetString(bytes);
 
             Clients = JsonSerializer.Deserialize<string[]>(value);