identityserver4 - IdentityServer 4 Restfull Login/Logout

Question

Been looking into the identity server 4 solution to compliment my ASP CORE api. Using a SPA page on front end, does IdentityServer4 have the capability to manage restfull calls for login/logout/other?

Currently my solution works perfectly to redirect to and from the IdentityServer4 solution, but wondering if i can improve on UX by avoiding the redirects that occur on login/logout?

I've heard of PopUp and iFrame capability, but from research that opens up other risks.

(not sure if this question is for stackoverflow or software engineering stack, happy to move it)

Answer 1

You may do this by using the resource owner password grant type, where you could provide your own login screen and pass the information to IdentityServer.

In IdentityServer you would implement the IResourceOwnerPasswordValidator interface to validate the users.

In your Startup.ConfigureServices add the following.

Services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();

Here is a sample ResourceOwnerPasswordValidator class.

public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
    {
        private IUserManager _myUserManager { get; set; }

        public ResourceOwnerPasswordValidator(IUserManager userManager)
        {
            _myUserManager = userManager;
        }        

        public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {            
            var user = await _myUserManager.Find(context.UserName, context.Password);

            if (user != null)
            {
                context.Result = new GrantValidationResult(
                        subject: user.USER_ID,
                        authenticationMethod: "custom",
                        claims: await _myUserManager.GetClaimsAsync(user));
            }
            else
            {                 
                context.Result = new GrantValidationResult(
                        TokenRequestErrors.InvalidRequest, 
                        errorDescription: "UserName or Password Incorrect.");
            }             
        }
    }

The IUserManager implements the logic to check the database to validate the user.

Then the SPA client would use the GrantTypes.ResourceOwnerPassword. Here is an example you could start with.

DISCLAIMER This is not the recommended flow to use.