With ASP.NET Core 5, Angular 10 and Identity Server 4 I created 4 applications:
On the Angular application (4) I am using OIDC Client JS and Code Grant Type.
The Asp.Net Core 5 MVC application (3) also needs to access the API ...
I am using Identity Model but what Grant Type should I use in MVC application?
Code as in the Angular application (Is this possible?)? Client Credentials?
If you login the user on MVC application and you want to call the API on behalf of the user use the Code flow.
In this case only difference between MVC and angular apps is that Asp.Net Core 5 MVC is a confidential client and you can use Code flow. But Angular 10 SPA client is a public client and you should you Code + PKCE.
It is although recommended to use PKCE in both cases.
If you just call an API through MVC and as the app itself and not behalf of the user, you can use Client Credentials flow. This flow is for server to server scenarios and it is secure. In this case you should do authorization for MVC app as well.