I am building a time clock application for work. My boss wants the app to run on company ipads. He does not want employees to be able to clock in on their own devices.
I have already setup Implicit Flow between IdentityServer4, an Asp.net Core API and an Angular app.
How can I use IS4 to authorize the device remember it or cookie it? The old app I am trying to replace required an admin to login and click a button which would create a cookie in the tablet's browser history with a month long expiration. Is there a way to duplicate this type of functionality but turn it over to IS4 and also hopefully make it a bit more secure?
Your "old approach" looks pretty match the authorization code flow with refresh token. Your admin logs in once, fetches an access+refresh token pair. After a short, the access token expires, and (one time) refresh is used to obtain a new pair, and so on. You may store the pair into the local storage, and later use a custom grant to authenticate an (ordinary) user and validate the device at the same time.