Closed bt-exwo closed 1 month ago
The protocol doesn't work in the way you describe. To make your application safe the recommendation is to not have the user enter credentials in your front-end. Instead use a BFF that is configured as a client of an IdentityServer identity provider.
IdentityServer isn't meant to be used in an API. It offers a way to create an identity provider using ASP.NET Core.
Since I have the feeling your knowledge about the workings of this process is not sufficient, I recommend you take all our quickstarts in order. In the accompanying videos I'm providing some more context so please watch them too.
@bt-exwo Did my comment help you out? If so I'd like to close this issue.
Closing the issue for now but feel free to add to it if needed.
Hi,
I want to build backend .net core api service. This service should support also login with email and password. I want to use IdentityServer middleware. I need also server side session functionality in order to be able to force user's logout. But I want our client app(react SPA hosting the login form) just to post the username and password to the api, the signInManager to sign in the user, identity server to handle the server side session and to issue Authentication Bearer token for future authentication. I've tired to configure it with checking the samples but after login and returning cookies for idsrv.session I am not sure how to issue the authentication token.
MAybe I have to configure BFF?
Can someone help with the cofiguraitons?
Regards, Boris T.