Integrating custom solution with identity server

For various business reasons our login progress is basically a workflow composed of a variable number of steps (where the ID provider login - i.e. Google, Facebook etc. - is only a very small part of the entire workflow).

We have an identity server instance set up for various 3rd party integrations (using the client credentials flow).

We have a current new requirement to expose an OAuth version of our authentication flows.

I'm wondering if this is somehow supported? In essence, use identity server to validate the client and its return URL and the like - but keeping the actual act of login completely separate.

If not - I'm guessing that we should self-validate the client and return URL - using a custom grant to return access & refresh tokens to the 3rd party.

1 answer

  • answered 2018-01-12 08:02 leastprivilege

    IdentityServer and "login application" can be separate. Unfortunately we don't have good documentation for that.

    But the specs are basically

    • Configure the login page URL on the options in startup
    • We hand you a return URL to the login page
    • When you are done, call a custom API in the IdentityServer app that sets the sign-in cookie
    • Redirect back to the return URL you got in the first place

    As I said, right now you are pretty much on your own. But it has been done before - if you get it working, feel free to contribute that back to the docs.
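
Added example, not part of the answer above and not IdentityServer's own code: one way the "custom API that sets the sign-in cookie" could look, with the return URL validated before the redirect so the endpoint cannot be used as an open redirect. It assumes IdentityServer4 2.x on ASP.NET Core 2.1+ with `options.UserInteraction.LoginUrl` pointing at the separate login application. The route, the `LoginTicketKey` setting and the HMAC ticket format are hypothetical.

```csharp
// Added example; assumes IdentityServer4 2.x. Route, setting name and ticket format are hypothetical.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;

public class LoginCompleteController : Controller
{
    private readonly IIdentityServerInteractionService _interaction;
    private readonly byte[] _key; // secret shared with the login application
    public LoginCompleteController(IIdentityServerInteractionService interaction, IConfiguration config)
    {
        _interaction = interaction;
        _key = Convert.FromBase64String(config["LoginTicketKey"]);
    }

    // The login application sends the browser here once its own workflow has finished.
    [HttpGet("login/complete")]
    public async Task<IActionResult> Complete(string ticket, string returnUrl)
    {
        // An external login page is handed an absolute return URL: accept only this host, keep the local part.
        if (Uri.TryCreate(returnUrl, UriKind.Absolute, out var abs) && abs.Scheme == Uri.UriSchemeHttps)
        {
            if (!string.Equals(abs.Authority, Request.Host.Value, StringComparison.OrdinalIgnoreCase)) return BadRequest();
            returnUrl = abs.PathAndQuery;
        }
        if (!_interaction.IsValidReturnUrl(returnUrl)) return BadRequest(); // must be an IdentityServer callback URL
        var subject = ReadSubject(ticket);
        if (subject == null) return Unauthorized();
        await HttpContext.SignInAsync(subject, subject); // IdentityServer4 2.x extension, sets the sign-in cookie
        return Redirect(returnUrl);
    }

    // Ticket: "<subject>|<unix expiry>|<base64 HMAC-SHA256 of the first two fields>"; single-use tracking is left out.
    private string ReadSubject(string ticket)
    {
        var parts = (ticket ?? "").Split('|');
        if (parts.Length != 3 || parts[0].Length == 0 || !long.TryParse(parts[1], out var expiry)
            || DateTimeOffset.UtcNow.ToUnixTimeSeconds() > expiry) return null;
        byte[] supplied;
        try { supplied = Convert.FromBase64String(parts[2]); } catch (FormatException) { return null; }
        using (var hmac = new HMACSHA256(_key))
            if (!CryptographicOperations.FixedTimeEquals(hmac.ComputeHash(Encoding.UTF8.GetBytes(parts[0] + "|" + parts[1])), supplied)) return null;
        return parts[0]; // authenticated subject id
    }
}
```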