For my company we need a solution for the following simple scenario: We have a WinForms app, on which we log in locally. In this WinForms app there is a help button; upon pressing this, a web browser should open and the user should be authenticated on the help site without having to enter credentials again. The help site uses OpenID Connect to authorize.
We want to use IdentityServer as a base.
I have looked into this example: https://github.com/IdentityServer/IdentityServer4/tree/main/samples/Quickstarts/3_AspNetCoreAndApis
The steps here (for OpenID Connect) are:
1. Access an authorized page on the help site.
2. The site redirects to the IdentityServer login page.
3. The user logs in and IdentityServer redirects to the redirect page with an authorization code.
4. The help site picks up this auth code and exchanges it for a valid token.
5. The user is authenticated.
I understand the redirect principle, but having the user sign in again is annoying.
So what I want to do (I think) is:
1. Log into the IdentityServer token endpoint and obtain a token using client ID/client secret programmatically in the WinForms app,
2. somehow obtain an authorization code to skip the login process from step 2, and
3. open a browser with the URL and code from step 3.
Is this somehow possible?
UPDATE: I have concluded OpenID Connect is not the right way to go for my situation.
As Mackie said in the last comment, OpenID Connect is not the right solution for this. I'm looking at other technologies like a one-time password link to achieve what we need. Thank you, Mackie.
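Steps 2 to 4 of the code flow listed in the question, modelled as an added example (not part of the original post and not IdentityServer code): a toy in-memory identity provider that issues an authorization code only to a browser holding a login session, binds the code to the client and redirect URI, and accepts it once. The class, client ID, secret and URLs are constructed for illustration.

```python
import secrets
import time

# Toy identity provider: constructed names and values, not IdentityServer's API.
CLIENTS = {"help-site": {"secret": "constructed-secret",
                         "redirect_uri": "https://help.example/signin-oidc"}}
CODE_TTL = 60  # seconds; authorization codes are short-lived


class ToyIdp:
    def __init__(self):
        self.sessions = {}   # browser session cookie -> user name
        self.codes = {}      # authorization code -> binding

    def login(self, user):
        """Step 3a: the user signs in; the browser gets an IdP session cookie."""
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = user
        return cookie

    def authorize(self, client_id, redirect_uri, cookie=None):
        """Steps 2-3: returns where the browser is sent next."""
        client = CLIENTS.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            return "error:invalid_request"   # never redirect to an unregistered URI
        user = self.sessions.get(cookie)
        if user is None:
            return "/login"                  # no IdP session: show the login page
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, user, time.time() + CODE_TTL)
        return f"{redirect_uri}?code={code}"

    def token(self, client_id, client_secret, code, redirect_uri):
        """Step 4: the help site exchanges the code; each code works once."""
        client = CLIENTS.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        binding = self.codes.pop(code, None)  # pop makes the code single-use
        if binding is None:
            return {"error": "invalid_grant"}
        bound_client, bound_uri, user, expires = binding
        if (bound_client, bound_uri) != (client_id, redirect_uri) or time.time() > expires:
            return {"error": "invalid_grant"}
        return {"id_token_sub": user, "access_token": secrets.token_urlsafe(16)}
```

In this model the login page is skipped only when the browser that reaches `authorize` already carries a session cookie from the identity provider; the client secret is checked only at the token step.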