Streamlining OIDC with Identity Server 4 & Identity
Hi I'm trying to implement an Angular5 frontend that has a Sign In page that Authenticates users using an Authentication Api. The Auth Api is built using Identity Server 4 & Identity with .Net Core 2, it will then be able to use a protected APIs.
My understanding is that I should be using OIDC with an Implicit flow to Authenticate with Identity Server from the Angular UI. It should look something like the diagram on the left. While I would like a more streamlined and native login feel more maybe something like what is on the right
I'm trying to avoid the redirect from Identity Server to my apps login page and then back to the UI. Ideally what I want is to be able to POST my user credentials from Angular to Identity Server, this will get authenticated and the token & claims will be returned, cutting out the flow in the Blue Box between the Login Page & Identity Server.
I plan on supporting external logins and if the user is using external authentication such as Google etc, that's fine, I'm ok with a redirect. But I want to avoid it for Users who are using my sites login.
Sorry for the upcoming open question, but I'm at the stage whee I don't know what I don't know regarding Authentication & Authorization. It is possible there is a name for what I want, I just don't know it.
Am I using the correct technology / flow for this? How should I be implementing the type of flow I want?
The more "streamlined" approach you would like can be achieved using "Resource-owner flow" in OAuth 2.0. But for many reasons you should avoid using this.
User is entering the username/password in a different domain than login server, and this is a security concern
When implementing features such as reset password, forget password or account lockout features you may have to redirect to login - otherwise when you add several more clients it will be confusing
The idea is completely abstracting out authentication from client applications, so you do not have to worry about implementing any auth logic in apps.
- .Net Identity Bearer Token Expiration
- .Net Core [Authorize] - Or instead of And for permission test
- Customize registration in .NET8 Identity
- ASP.NET Core EF Identity Roles while using JWT Bearer Scheme
- Is there a way to have the Identity Library cookies be tied to the root domain?
- Invalid 2FA Codes (Authenticator App and Email)
- List users with roles in a razor page using asp.net 6.0 Identity
- EF Core 8 database first with Identity User tables
- ASP Net identity two factor authentication last expired token is getting validated successfully
- The entity type 'Microsoft.AspNet.Identity.EntityFramework.IdentityUserLogin<string>' requires a key to be defined
- Invalid object name 'dbo.AspNetUsers' in Asp.NET MVC 5 Entity Framework
- How to get current user in asp.net core
- Cookie LoginPath not redirecting to path
- ASP.NET MVC Creating User: Multiplicity is not valid
- ASP.NET Core MVC pass a url parameter to the POST
- "Correlation failed." after upgrading 'Microsoft.IdentityModel.JsonWebTokens' and 'System.IdentityModel.Tokens.Jwt'
- Add claims to admin when db is launched first time
- Editing custom ASP.NET IdentityUser properties in Blazor
- Invalid_client using OpenIdConnect in client application
- ASP.Net Core Identity User Edit Page passing back null roles
- The AspNetUserRoles table was cleared during migrations
- why offline_access scope is needed to request refresh token in IdentityServer (OAuth2)?
- Combine auth cookies and bearer token at the same time
- Unauthorised webapi call returning login page rather than 401
- Cosmos provider for Entity Framework Core creating container with DbContext class name
- Is it possible to get user list with paging, sorting IdentityUser Tables .Net Core
- How to Create a Generic Repository in C# that Handles Both BaseEntity and IdentityUser<int> Types?
- ASP.NET Core Identity does not inject UserManager<ApplicationUser>
- URL with parameter only reaching IIS on localhost
- Cannot implicitly convert type 'System.Collections.Generic.IEnumerable' to 'System.Web.Mvc.ActionResult'