leastprivilege
commented
7 years ago No it is not possible. Because it is neither OpenID Connect nor is it recommended.
https://tools.ietf.org/wg/oauth/draft-ietf-oauth-native-apps/
Closed MrXemiu closed 7 years ago
leastprivilege
commented
7 years ago No it is not possible. Because it is neither OpenID Connect nor is it recommended.
https://tools.ietf.org/wg/oauth/draft-ietf-oauth-native-apps/
MrXemiu
commented
7 years ago Ok, that's what I was afraid of. I remember reading about the recommendation with the reasoning that the user credentials were only ever known by the identity service which was a great security practice.
I figured that a case could be made that when apps and identity service have the same owner, it would be an exception to the security concern.
Am I correct in assuming that my only option is to create a login form within my IdentityServer4 implementation that mimics the look and feel of my mobile app? Or is the limitation within OidcClient and not neccessarily with IdentityServer4? Does ID4 expose endpoints that can take user+client credentials for authentication?
leastprivilege
commented
7 years ago IdentityServer4 support the password grant type. Check the OAuth2 spec to learn more. You can use that if you want.
MrXemiu
commented
7 years ago Thanks for the hint, I used it to solve my problem and then posted it as an answer to my own question on StackOverflow in case anyone else finds themselves searching for a similar solution and they find it helpful. I'm posted a link to that answer here for the same reason.
We have our own implementation of IdentityServer4. I'm writing a Xamarin.Android app that consumes our APIs and want to authenticate against our identity server. I don't necessarily want to use the identity server sign in form, rather I want to collect the login information from a native mobile form. Is it possible to do this with OidcClient and if so, can you point me to an example?
Thanks, Gabe