'Can I pre-authenticate my Angular Client Application using Identity Server 4 to call my locally hosted .Net Core WebAPI

I have an Angular Client App, which calls a .Net Core WebAPI hosted on the same box. It is authenticated using Identity Server 4 in a separate WebAPI.OAuth application.

My solution goes on a standalone Raspberry Pi Kiosk, so most of the time interaction between the Client App and the WebAPI is on the same box. The WebAPI drives some hardware which the user can interact with.

The reason for using Identity Server 4 is that it is possible to access the WebAPI from another networked location to monitor what is happening with the API.

My Question is: Can I pre-authenticate the local Angular Client App so that the user doesn't have to log in? I need a bit of a steer on my approach to what to look at as Identity Server 4 is vast with many options, and I just need the simplest.

angular.net-coreidentityserver4


Solution 1:[1]

There are quite a few OAuth 2.0 flows that I think you might be able to use here. You can read about all of them, here. Even though the article is from auth0 but IdentityServer 4 supports most (if not all) of these flows.

It seems like you're trying to authenticate the app (or the IoT device on which the app is running) rather than the user itself. In this case, I would recommend the Authorization Code Flow. For this approach, two HTTP Requests would've to be made. First one would look something like:

GET /connect/authorize?
    client_id=client1&
    scope=openid email api1&
    response_type=id_token token&
    redirect_uri=https://myapp/callback&
    state=abc&
    nonce=xyz

Once you've received your auth code, then you can make another request to get your JWT token from the following endpoint.

POST /connect/token
CONTENT-TYPE application/x-www-form-urlencoded

    client_id=client1&
    client_secret=secret&
    grant_type=authorization_code&
    code=hdh922&
    redirect_uri=https://myapp.com/callback

You can read in detail about the Authorize & Token endpoints of IdentityServer 4, here and here.

Solution 2:[2]

You can use the resource owner authentication flow which allows you to automatically get a token on behalf of a user.

when your angular app starts it issues an authorization request to your identity server using resource owner password flow and providing the client_id client_secret, username, password and grant_type once you get the access token you can store it locally and reuse it when interacting with you WebAPi. the authorization request would look like

POST /connect/token HTTP/1.1
Host: <identity server host>
Content-Type: application/x-www-form-urlencoded

client_id=<client_id>&client_secret= 
<client_secret>&grant_type=password&username=<username>&password=<password>

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Haseeb Ahmed
Solution 2 aamd

Related Questions

How do I add Pulumi to my GitHub Codespaces / VSCode .NET devcontainer?

Unit Testing WeakReference

Nearest location from JSON column

Using 'UseMvc' to configure MVC is not supported while using Endpoint Routing

Azure Functions how to get a new local.settings.json?

Unable to create an object of type 'MyContext'. For the different patterns supported at design time

Unable to start process dotnet.exe

Is it possible to run a .NET Core console application silently (hide console window)?

Displaying website image testing vs. production

How to set json serializer settings in asp.net core 3?

Form view designer is not working in Visual Studio 2019 with C# .NET Core 3.1 [duplicate]

Remove unnecessary usings with dotnet format

Assets file project.assets.json doesn't have a target for 'net6.0-windows10.0.19041.0/win-x64'

The constraint reference 'string' could not be resolved to a type. (netcoreapp3.0)

How to use Bootstrap modal in Blazor client app?