I have the following project structure:
Both the Web API and the authserver are on .NET Core 2.0 and I use IdentityServer4 for the generation of security tokens, which I achieve correctly. I am using a PostgreSQL DB to persist all the information of users, tokens, clients, etc.
My problem arises when I want to login with an angular client. I can not understand the way in which the service must be performed to achieve the login; I understand that it would be enough to send the auth-server the user, password and data of the angular client, so that it would return a token that would store it in the local storage and then use it for everything it wants inside the angular client, but I can not do it.
The IdentityServer documentation does not talk about how to do this kind of thing, and the truth is that I'm a bit frustrated.
Probe to make the path using the oidc-client library, but it seems that is not what I need since I do not know how to send the username and password to validate.
Please, could you recommend me what the correct workflow would be, or in any case how to request a token from the auth-server from Angular?
NORA: I do not add code, since it is a doubt of concept and not of code in reality.
This would be the Implicit Flow in OAuth/OIDC terms.
The example to follow is in Quickstart Tutorial 7: https://identityserver4.readthedocs.io/en/release/quickstarts/7_javascript_client.html
You will need to redirect the browser to the auth server's sign-in page or use a pop window (which loads the auth server's sign-in page).
The username and password should not be entered into the Angular app. The Angular app will know the user after it receives back the id_token and/or access_token from the auth server.
There is a token endpoint for Identity Server 4:
http://youridentityserverurl/connect/token
You can pass a form-urlencoded
like below:
POST /connect/token
CONTENT-TYPE application/x-www-form-urlencoded
client_id=client1&
client_secret=secret&
grant_type=authorization_code&
scope=hdh922&
username=username&
password=password&
It will return you an access_token
, and some other details.
You can refer to this link: https://identityserver4.readthedocs.io/en/latest/endpoints/token.html#
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.