Tags: angular, asp.net-core, oauth-2.0, identityserver4

Angular4 OAuth2 IdentityServer4


I'm looking at creating an Angular4 WebApp that will have a login/sign up page for users. I need it to be able to have:

  • Custom Login (i.e. users configured their own Username/Password)
  • Google Login
  • Facebook Login

So far my understanding is that I will need the following:

  • Client (my Angular4 web app)
  • Auth Server (IdentityServer4?)
  • Resource server (ASP.NET Core Web Api)

If I utilise something like IdentityServer4 as my auth server, I wouldn't be able to have my Login/Signup form embedded in the app? I would have to always redirect to the AuthServer to perform the login and then redirect back to my Client along with the access token. Which is a user experience we don't really want but I'm not aware of an alternative?

My questions are:

  1. Am I correct that my Angular4 app can't have a Login/Signup page if I use IdentityServer4? It must be redirected and performed on the AuthServer itself.
  2. Is there an alternative I can use instead of IdentityServer4 for creating Login/Signup with an Angular web app based on my requirements?

Solution

  • Using IdentityServer for the front-end of login forms is completely optional. I suggest reading up on the various Flows that are supported. The simplest (often called "legacy" and insecure) option to understand is the Resource Owner Password flow, which is one of the flows that allows a pure JavaScript solution for getting and using tokens, using a form of your own creation.

    To answer your questions directly:

    1. No, you are not correct. Flows with redirection are just one of the options; flows without (with just a form in your own app) are also possible.
    2. Yes, there are probably alternatives, but Stack Overflow isn't great/intended for recommendations. You might want to check SoftwareRecs.SE (read their FAQ though!) for investigating that.
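
The two kinds of flow the answer contrasts, shown as the requests the client would build (an added example, not part of the original answer). It assumes IdentityServer4's default endpoint paths at the server root; the client id, scopes, hosts, and the use of authorization code with PKCE for the redirect case are hypothetical choices.

```javascript
// Added example; every name and value is hypothetical. /connect/token and
// /connect/authorize are IdentityServer4's default endpoint paths.

// Resource Owner Password flow: the app's own form collects the password and
// the app itself posts it to the token endpoint.
function buildPasswordGrantRequest(authority, clientId, scope, username, password) {
  const body = new URLSearchParams({
    grant_type: 'password', client_id: clientId, scope, username, password,
  });
  return {
    method: 'POST',
    url: new URL('/connect/token', authority).toString(),
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Redirect flow: the app only builds a URL; the login form lives on the auth
// server, so no credentials pass through the app. codeChallenge (PKCE) is
// assumed to be computed elsewhere.
function buildAuthorizeRedirect(authority, clientId, redirectUri, scope, state, codeChallenge) {
  const url = new URL('/connect/authorize', authority);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri,
    scope, state, code_challenge: codeChallenge, code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Which user secrets does the client-side code put on the wire itself?
function credentialsHandledByApp(request) {
  const text = typeof request === 'string' ? new URL(request).search : request.body;
  const params = new URLSearchParams(text);
  return ['username', 'password'].filter((name) => params.has(name));
}

// Check a token endpoint response (RFC 6749, section 5.1) before using it.
function parseTokenResponse(json, nowMs) {
  const r = JSON.parse(json);
  if (r.error) throw new Error(`token request failed: ${r.error}`);
  if (!r.access_token || String(r.token_type).toLowerCase() !== 'bearer') {
    throw new Error('unexpected token response');
  }
  return { accessToken: r.access_token, expiresAt: nowMs + (r.expires_in || 0) * 1000 };
}

// Constructed sample values (auth.example, angular-app, api1 are placeholders).
const ropc = buildPasswordGrantRequest('https://auth.example', 'angular-app', 'api1', 'alice', 'pw-123');
const redirect = buildAuthorizeRedirect('https://auth.example', 'angular-app', 'https://app.example/callback', 'openid api1', 'st-1', 'constructed-challenge');
console.log(credentialsHandledByApp(ropc), credentialsHandledByApp(redirect));
```

The password grant request carries `username` and `password` from the app's own code, while the redirect URL carries neither.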