diff --git a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/Api/Api.csproj b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/Api/Api.csproj
index 9d62e39e..cc6a7b03 100755
--- a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/Api/Api.csproj
+++ b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/Api/Api.csproj
@@ -8,7 +8,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.2" />
   </ItemGroup>
 
 </Project>
diff --git a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/Client/Client.csproj b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/Client/Client.csproj
index abb6bd7d..61e38d91 100755
--- a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/Client/Client.csproj
+++ b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/Client/Client.csproj
@@ -8,7 +8,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Duende.IdentityModel" Version="7.1.0" />
+    <PackageReference Include="Duende.IdentityModel" Version="8.0.0" />
   </ItemGroup>
 
 </Project>
diff --git a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/IdentityServer/IdentityServer.csproj b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/IdentityServer/IdentityServer.csproj
index df544ea5..c51e0b93 100755
--- a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/IdentityServer/IdentityServer.csproj
+++ b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/IdentityServer/IdentityServer.csproj
@@ -7,8 +7,8 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Duende.IdentityServer" Version="7.3.2"/>
-    <PackageReference Include="Google.Apis.Auth.AspNetCore3" Version="1.69.0" />
-		<PackageReference Include="Serilog.AspNetCore" Version="9.0.0" />
+		<PackageReference Include="Duende.IdentityServer" Version="7.4.4" />
+    <PackageReference Include="Google.Apis.Auth.AspNetCore3" Version="1.73.0" />
+		<PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
 	</ItemGroup>
 </Project>
diff --git a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/IdentityServer/Pages/Diagnostics/ViewModel.cs b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/IdentityServer/Pages/Diagnostics/ViewModel.cs
index b78329b8..776a23cf 100644
--- a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/IdentityServer/Pages/Diagnostics/ViewModel.cs
+++ b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/IdentityServer/Pages/Diagnostics/ViewModel.cs
@@ -1,9 +1,9 @@
 // Copyright (c) Duende Software. All rights reserved.
 // Licensed under the MIT License. See LICENSE in the project root for license information.
 
+using System.Buffers.Text;
 using System.Text;
 using System.Text.Json;
-using Duende.IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 
 namespace IdentityServer.Pages.Diagnostics;
@@ -18,7 +18,7 @@ public ViewModel(AuthenticateResult result)
         {
             if (encoded != null)
             {
-                var bytes = Base64Url.Decode(encoded);
+                var bytes = Base64Url.DecodeFromChars(encoded);
                 var value = Encoding.UTF8.GetString(bytes);
                 Clients = JsonSerializer.Deserialize<string[]>(value) ?? Enumerable.Empty<string>();
                 return;
diff --git a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/JavaScriptClient/JavaScriptClient.csproj b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/JavaScriptClient/JavaScriptClient.csproj
index a4d04c2f..45679b78 100644
--- a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/JavaScriptClient/JavaScriptClient.csproj
+++ b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/JavaScriptClient/JavaScriptClient.csproj
@@ -7,10 +7,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Duende.BFF" Version="2.2.0" />
-    <PackageReference Include="Duende.BFF.Yarp" Version="2.2.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.0" />
-    <PackageReference Include="Serilog.AspNetCore" Version="9.0.0" />
+    <PackageReference Include="Duende.BFF" Version="4.0.2" />
+    <PackageReference Include="Duende.BFF.Yarp" Version="4.0.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.2" />
+    <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
   </ItemGroup>
 
 </Project>
diff --git a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/JavaScriptClient/Program.cs b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/JavaScriptClient/Program.cs
index d708c564..c863267c 100644
--- a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/JavaScriptClient/Program.cs
+++ b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/JavaScriptClient/Program.cs
@@ -3,6 +3,8 @@
 
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
+using Duende.Bff;
+using Duende.Bff.AccessTokenManagement;
 using Duende.Bff.Yarp;
 using Microsoft.AspNetCore.Authorization;
 
@@ -13,17 +15,7 @@
 
 builder.Services
     .AddBff()
-    .AddRemoteApis();
-
-builder.Services
-    .AddAuthentication(options =>
-    {
-        options.DefaultScheme = "Cookies";
-        options.DefaultChallengeScheme = "oidc";
-        options.DefaultSignOutScheme = "oidc";
-    })
-    .AddCookie("Cookies")
-    .AddOpenIdConnect("oidc", options =>
+    .ConfigureOpenIdConnect(options =>
     {
         options.Authority = "https://localhost:5001";
         options.ClientId = "bff";
@@ -33,7 +25,10 @@
         options.Scope.Add("offline_access");
         options.SaveTokens = true;
         options.GetClaimsFromUserInfoEndpoint = true;
-    });
+        options.MapInboundClaims = false;
+    })
+    .ConfigureCookies(options => options.Cookie.SameSite = SameSiteMode.Strict)
+    .AddRemoteApis();
 
 var app = builder.Build();
 if (app.Environment.IsDevelopment())
@@ -60,8 +55,8 @@
 app.MapGet("/local/identity", LocalIdentityHandler)
     .AsBffApiEndpoint();
 
-app.MapRemoteBffApiEndpoint("/remote", "https://localhost:6001")
-    .RequireAccessToken(Duende.Bff.TokenType.User);
+app.MapRemoteBffApiEndpoint("/remote", new Uri("https://localhost:6001"))
+    .WithAccessToken(RequiredTokenType.User);
 
 app.Run();
 
diff --git a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/WebClient/WebClient.csproj b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/WebClient/WebClient.csproj
index 9746f067..e3c55193 100644
--- a/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/WebClient/WebClient.csproj
+++ b/IdentityServer/v7/Quickstarts/6_JS_with_backend/src/WebClient/WebClient.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.2" />
   </ItemGroup>
 
 </Project>