We have a .NET Core Identity Server and a .NET Core API; our clients, however, are desktop and mobile apps.
Looking through the docs, it seems our users need to sign in using Hybrid flow; however, it seems this flow is for web browser apps.
What is the correct flow/grant_type to authenticate my desktop users and give them access to the API?
Login Workflow
You must inform IdentityServer of the path to your login page via the UserInteraction settings on the options (the default is /account/login). A returnUrl parameter will be passed informing your login page where the user should be redirected once login is complete.
the allowed interactions with the token service (called a grant type)
a network location where identity and/or access token gets sent to (called a redirect URI)
Why do we need IdentityServer4?
ASP.NET Identity can receive a security token from a third-party login provider like Facebook, Google, Microsoft and Twitter. But if you want to issue a security token for a local ASP.NET Identity user, you need to work with a third-party library like IdentityServer4 or OpenIddict.
Require authorization on a new API
By default, the system is configured to easily require authorization for new APIs. To do so, create a new controller and add the [Authorize] attribute to the controller class or to any action within the controller.
Hybrid flow is correct. See this spec:
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-native-apps-09
You can use this library: https://github.com/IdentityModel/IdentityModel.OidcClient2
and here are some samples: https://github.com/IdentityModel/IdentityModel.OidcClient.Samples
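The server-side half of the setup described above, as an added example that is not part of the original answer or of the IdentityServer project's own code: an IdentityServer4 client registration for a desktop app using the hybrid grant type and a loopback redirect URI. The client id, port number and the "api1" scope are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

public static class Config
{
    // Hypothetical registration for a desktop/mobile client.
    // Every name and value here is constructed for illustration.
    public static IEnumerable<Client> GetClients() => new List<Client>
    {
        new Client
        {
            ClientId = "desktop.client",   // assumed id
            ClientName = "Desktop App",    // assumed display name

            // The grant type recommended in the answer above.
            AllowedGrantTypes = GrantTypes.Hybrid,

            // A native app cannot keep a secret confidential, so it is
            // registered as a public client. PKCE binds the authorization
            // code to the app instance that started the login, so a code
            // intercepted on the device cannot be redeemed by another app.
            RequireClientSecret = false,
            RequirePkce = true,

            // Loopback redirect for a desktop app. IdentityServer4 compares
            // redirect URIs as exact strings, so the app must listen on
            // exactly this address and port (7890 is a constructed value).
            RedirectUris = { "http://127.0.0.1:7890/" },

            // Only the scopes this client needs; "api1" is an assumed
            // name for the protected API.
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "api1"
            }
        }
    };
}
```

The API itself then only has to validate the access token and carry the [Authorize] attribute on its controllers.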