I am currently looking into IdentityServer4 to implement authentication for our Xamarin mobile apps to authenticate with our ASP.NET Core WebAPI, which would leverage ASP.NET Core Identity for authorization.
So I would basically have three projects:
IdentityServer
WebAPI
Xamarin App
Since API and Apps are all our own, I have decided to go with ResourceOwnerPasswordGrant. However, I am puzzled as to how I would implement registration.
Is it correct to assume, that all the actual account handling - registration as well as login - would need to be completely implemented within the IdentityServer project and not the WebAPI project?
How would I go about actually implementing that, considering the TestUsers from the Quickstart project is a massive shortcut to providing a functional login via ResourceOwnerPasswordGrant?
This was just published, pretty detailed and there are other options for authentication such as OpenIddict as well in a previous blog.
As for accounts, registration, and webapi entirely dependent on your setup requirements.
https://blogs.msdn.microsoft.com/webdev/2017/01/23/asp-net-core-authentication-with-identityserver4/