Talking to IdentityServer4 with an Angular SPA application for authentication/authorization receiving a token then talking to Web API

Question

I have an asp.net core Web API. I am currently making calls directly to it using an Angular 4 app.

I now want to add authentication and authorization layer.

I would like to do this by adding another project (strictly for auth) of type : ASP.NET Core MVC (w/ Individual User Accounts) to my solution and then adding IdentityServer4 to it. The plan is to use the existing Identity tables to store users, roles, etc.

Once this is all setup I am a bit confused about how my Angular 4 SPA app or any other third party authenticates through the IdentityServer app. I would assume this then returns a token of some sort. Then proceeds to make calls to my original Web API project (i.e. GetCustomers()) with that token.

From the research I did it looks like the only other thing that I need is JWT bearer authentication in ASP.NET Core.

Can someone please provide me with some links/information on how to go about this entire process. Haven't found any good videos that go through the entire thing. Also, please confirm that the above pattern I am talking about sounds correct.

Answer 1

Identity Server has different flows/grant types, the one you talking about called implicit in that case Identity Server will return a jwt token so you have to be storing that jwt token on a client and then attaching that token to request header when requesting your secure webapi routes.

Official samples it is very good starting point also checkout their blog that has lots of useful info covering the topic.

Talking about the good videos on the topic here is a good one from the recent NDC conf IdentityServer4: New & Improved for ASP.NET Core also if you want to learn stuff more deeply you can checkout this pluralsignt course by Dominick Baier