I am busy integrating a new React front end with a .net Core API, using Identity Server 4.
The flow type we are using is Resource Owner Password Credentials.
There are two reasons I do not wish to use oidc-client-js:
At the moment I am able to get the discovery document and login using the token_endpoint. The return after I login contains: access_token, expires_in and token_type but not session_state.
I am currently attempting to replicate the CheckSessionIFrame as can be seen in the oidc-client-js repository.
It is constructed with callback, client_id, url & interval and started by passing in the session_state.
My problem is that I cannot figure out how to get the session_state from Identity Server 4.
Many thanks
Charles
Resource Owner Flow does not allow for sessions because it is a browserless flow much like the client credentials flow. In other words, IdentityServer4 cannot issue a cookie for your session.
oidc-js probably does not support password grant because it is a simple restful call, nothing too complicated.
If you want checksession you will need to use a human interaction based flow like implicit flow.