We have an internal application for internal users which I need to protect using OAuth2/OIDC and thinking of using IdentityServer4. The end users will not be authorizing any applications so there shouldn't be any consent page. I couldn't find any suitable samples, they either are MVC client samples with consent pages or console application clients for Resource Owner Password flows.
Only thing I got is that I need to implement IResourceOwnerPasswordValidator in IDSRV application. That part is I'm OK with. But I couldn't figure out how to setup IDSRV app and MVC app in their Startups.
What do I need to do to protect an .NET Core ASP.NET MVC app with IdentityServer4 using Resource Owner Password flow?
I'd appreciate any help.
Solution:
I've ended up using Hybrid flow with manuel user login instead of Resource Owner Password flow. Here's the working solution I've created:
https://github.com/deastr/IdentityServer4.HybridFlow.NoConsent
In the Client definition add the following
RequireConsent = false,