Identity Server as part of Web API or separate app

I have an ASP.NET Core Web API app and to secure it, I've implemented JWT Bearer authentication. The next step is managing user access and issuing JWT tokens.

Initially I considered using Azure AD B2C but it doesn't seem to support my business requirements. So I'm now considering using Identity Server 4.

Is Identity Server 4 run as a completely separate application? Also, am I understanding it correctly that it is used as:

  1. A web interface for users to register and login
  2. Also a web app with API that issues the JWT token

In other words, does Identity Server 4 "act" as my own Azure AD B2C service?

Sam asked Nov 07 '22 15:11


1 Answer

IdentityServer 4 is a Web app (Login & Logout pages) with an API that implements the OAuth 2.0 and OpenID Connect specifications. The samples provide simple user login and logout views that you can change to your liking.

Regarding the user registration process, you may add that to your IdentityServer4 implementation or have that as a separate web application.

Similarities to Azure AD B2C

This came from another blog article

Authorization

Azure AD B2C allows you to model user roles as membership in groups that you define. You can’t currently get a token containing those claims, but you can use the Azure AD Graph API as a workaround to retrieve the group memberships, and use them in authorization checks inside your application. It’s a little tricky right now, but improvements to this are on the B2C team’s roadmap.

API Authentication

Azure AD B2C can provide tokens for authenticating API access via OpenID Connect, but beyond that the functionality is limited. The OAuth 2.0 Client Credentials flow isn’t supported, and B2C doesn’t include any API key management features, so you’ll need to roll your own code if your services need to support API key authentication.

Another article with pros for IdentityServer4.

IdentityServer 4 is an authentication framework capable of out of the box Single Sign On (SSO) and security for your APIs, and most recently support for implementing your own authentication protocols and tokens, with a sample implementation for the WS-Federation protocol and SAML tokens. SSO works across all applications regardless of whether they are using OpenID Connect or WS-Federation.

Summary

IdentityServer4 is similar to Azure AD B2C with more functionality as noted in the linked articles.

aaronR answered Nov 14 '22 21:11
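As an added example (not code from the question, the answer, or IdentityServer4's own samples), here is the arrangement the answer describes: IdentityServer4 running as its own ASP.NET Core app that hosts the login/logout pages and the OAuth 2.0 / OpenID Connect endpoints, and the existing Web API validating the JWTs it issues. The client id `spa-client`, the scope/resource name `api1`, the test user, and the `https://localhost:5001` / `https://localhost:5002` addresses are assumptions; IdentityServer4 v4 is assumed for the `ApiScope` API.

```csharp
// Added example; not code from the question, the answer, or IdentityServer4's samples.
// Assumed: IdentityServer4 v4 on https://localhost:5001, the Web API on another port,
// a client named "spa-client" and an API scope/resource named "api1".

using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// ---------- App 1: the IdentityServer4 host (a separate project) ----------
public static class IdsConfig
{
    // Users and resources are in memory here only for illustration (assumed test data).
    public static List<TestUser> Users => new List<TestUser>
    {
        new TestUser { SubjectId = "1", Username = "alice", Password = "alice-password" }
    };

    public static IEnumerable<IdentityResource> IdentityResources => new IdentityResource[]
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile()
    };

    // The scope the Web API requires, plus the resource that puts "api1" into the token's "aud".
    public static IEnumerable<ApiScope> ApiScopes => new[] { new ApiScope("api1", "My Web API") };
    public static IEnumerable<ApiResource> ApiResources => new[]
    {
        new ApiResource("api1", "My Web API") { Scopes = { "api1" } }
    };

    // A browser/SPA client: authorization code + PKCE, no client secret, exact redirect URI.
    public static IEnumerable<Client> Clients => new[]
    {
        new Client
        {
            ClientId = "spa-client",
            AllowedGrantTypes = GrantTypes.Code,
            RequirePkce = true,
            RequireClientSecret = false,
            RedirectUris = { "https://localhost:5002/signin-oidc" },
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "api1"
            },
            AccessTokenLifetime = 600   // short-lived access tokens (seconds)
        }
    };
}

public class IdsStartup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();   // login/logout/consent pages live here
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()  // dev only; use a managed key/certificate in production
            .AddInMemoryIdentityResources(IdsConfig.IdentityResources)
            .AddInMemoryApiScopes(IdsConfig.ApiScopes)
            .AddInMemoryApiResources(IdsConfig.ApiResources)
            .AddInMemoryClients(IdsConfig.Clients)
            .AddTestUsers(IdsConfig.Users);
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseIdentityServer();   // serves /connect/authorize, /connect/token, discovery and JWKS
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapDefaultControllerRoute());
    }
}

// ---------- App 2: the existing Web API, now trusting IdentityServer's tokens ----------
public class ApiStartup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Signing keys are fetched from the issuer's discovery document, so key rotation
                // on the IdentityServer side needs no change here. Keep the Authority on HTTPS.
                options.Authority = "https://localhost:5001";
                // Reject tokens minted for other APIs: "aud" must match our ApiResource name.
                options.Audience = "api1";
            });
        // Defence in depth: require the "api1" scope, not merely any valid token from this issuer.
        services.AddAuthorization(options =>
            options.AddPolicy("ApiScope", policy =>
            {
                policy.RequireAuthenticatedUser();
                policy.RequireClaim("scope", "api1");
            }));
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapControllers().RequireAuthorization("ApiScope"));
    }
}

[ApiController, Route("me")]
public class MeController : ControllerBase
{
    // Returns the "sub" claim of the caller once the bearer token has passed validation.
    [HttpGet]
    public IActionResult Get() => Ok(User.FindFirst("sub")?.Value);
}
```

Run the two apps as separate processes: the browser is sent to IdentityServer's login page by the `spa-client` flow, comes back with an access token scoped to `api1`, and the Web API accepts it purely on issuer, signature, audience and scope, without ever seeing the user's password. Registration is not part of this configuration; as the answer says, a sign-up page can be added to the IdentityServer project or kept in a separate app that writes to the same user store.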