i´m new to identityserver and the security. I finish all the quickstart in the documentation but all the samples use the identityserver login page. Is it possible to make login page from client website, so it wont redirect from localhost:5003 to localhost:5000 then back again to localhost:5003?
Yes, using GrantTypes.ResourceOwnerPassword. See Protecting an API using Passwords.
You have a form where the user enters their username & password, and then in your code-behind you do something similar to the code found on that page under "Requesting a token using the password grant", substituting "alice" and "password" below with the submitted values.
// request token
var tokenClient = new TokenClient(disco.TokenEndpoint, "ro.client", "secret");
var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("alice", "password", "api1");
if (tokenResponse.IsError)
{
Console.WriteLine(tokenResponse.Error);
return;
}
Console.WriteLine(tokenResponse.Json);
Console.WriteLine("\n\n");