Identity Server: Getting Token using APIs and avoiding Identity Login

Question

I am using Identity Server 4 and trying to connect users logging from angular app (using Implicit Flow) to allow them to access other apis. I am trying to avoid getting users landed in ID Sever login page.

I need to place the login form in the angular app and communicate with identity server through endpoints (skipping step 2 below)

The is flow of communication now:

1. User requests to login: I will call the Authorize Endpoint with needed params
2. Then Identity Server renders the login form and asks for credentials
3. After credentials validation the user is directed back to angular app

I am trying to communicate with connect\token endpoint directly (passing all required params including username and password) to get a token, however it seems it needs a secret which is not applicable in Implicit Flow case.

• Is there a way to communicate just through APIs and return a token and in case i need to change the implicit which type should i use?

Answer 1

I am trying to avoid getting users landed in ID Sever login page.

By definition the implicit flow contradicts this requirement.

Answer 2

I think you can accomplish what you want with

Flows.AuthorizationCode

I've set up Postman to work this way for testing. There is a sample that shows how to do this in c# at https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/Clients/ConsoleResourceOwnerWithUserInfo/Program.cs

Not sure why you'd want to do things this way though. In general, the implicit flow is better, since your app will not be responsible for securing the password, which can be non-trivial.