1

I have the following project structure:

  • webapi (different domain)
  • auth-server (different domain)
  • angular-client (different domain)

Both the Web API and the authserver are on .NET Core 2.0 and I use IdentityServer4 for the generation of security tokens, which I achieve correctly. I am using a PostgreSQL DB to persist all the information of users, tokens, clients, etc.

My problem arises when I want to login with an angular client. I can not understand the way in which the service must be performed to achieve the login; I understand that it would be enough to send the auth-server the user, password and data of the angular client, so that it would return a token that would store it in the local storage and then use it for everything it wants inside the angular client, but I can not do it.

The IdentityServer documentation does not talk about how to do this kind of thing, and the truth is that I'm a bit frustrated.

Probe to make the path using the oidc-client library, but it seems that is not what I need since I do not know how to send the username and password to validate.

Please, could you recommend me what the correct workflow would be, or in any case how to request a token from the auth-server from Angular?

NORA: I do not add code, since it is a doubt of concept and not of code in reality.

Improve this question

2 Answers 2

Reset to default
1

This would be the Implicit Flow in OAuth/OIDC terms.

The example to follow is in Quickstart Tutorial 7: https://identityserver4.readthedocs.io/en/release/quickstarts/7_javascript_client.html

You will need to redirect the browser to the auth server's sign-in page or use a pop window (which loads the auth server's sign-in page).

The username and password should not be entered into the Angular app. The Angular app will know the user after it receives back the id_token and/or access_token from the auth server.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

I understand the point, but it does not solve my problem. I need to use usernames and password to do the authentication in my app. It's possible with IdentityServer4 autenticate users with email and password? I need use my form for the login and not the form of the IdentityServer, its a problem for me. Any idea?
Why is it a problem? The auth server should be the one place to enter passwords. The passwords should not hop through multiple apps.
The problem is the UI. My app use a form to login, and i can't use other form for the login. This is the problem. I understand the point for security, but a really need use the form in Angular. Maybe i can use the form Angular and trigger the form the IdentityServer? It's possible?
I still don't see a real problem; you can just build the same login form in the IdentityServer app (and remove it from the Angular app altogether). The IdentityServer UI can be customized to look and feel however you want. You don't need a login form in the Angular app unless you are trying to collect their secrets for other purposes.
@travis.js, this might not be the case! He wants to have full advantage of SPA and doesn't want the redirect to the auth server, and he doesn't want to rebuild the login form (which probably is composed of several components) at the auth server. And about collecting password, it's a repeated question about angular and usually he owns the auth server as the SPA client, so there is a complete trust.
|
0

There is a token endpoint for Identity Server 4:

http://youridentityserverurl/connect/token

You can pass a form-urlencoded like below:

POST /connect/token
CONTENT-TYPE application/x-www-form-urlencoded

    client_id=client1&
    client_secret=secret&
    grant_type=authorization_code&
    scope=hdh922&
    username=username&
    password=password&

It will return you an access_token, and some other details.

You can refer to this link: https://identityserver4.readthedocs.io/en/latest/endpoints/token.html#

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.