This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

Custom app login screen with identityserver4 #2786

Closed
amiteshs opened this issue Nov 8, 2018 · 6 comments

amiteshs commented Nov 8, 2018

I am new to IdentityServer4. We have an existing Web app and now we are planning to write an API for 3rd party apps to connect. We want to use IdentityServer4 for the authentication. I have the IdentityServer server running but I want the user to be directed to our Web login page to log in rather than the IdentityServer login. I can achieve this by setting the UserInteractionOptions.LoginUrl. After the login I redirect the user to the return Url that was passed in but the identity server redirects back to our web app and then keeps cycling. How can I tell the IdentityServer that the user has been authenticated, so that the IdentityServer shows the consent screen?

@brockallen
Member

@amiteshs
Author

amiteshs commented Nov 9, 2018

Yes I have and that link does not explain how to achieve my scenario.

@brockallen
Member

Well, your external app would somehow need to issue a cookie at your IdentityServer. How that's done is up to you. We do have customers doing that successfully.

@karpikpl

Hey @amiteshs - have you solved your problem?

@amiteshs
Author

The way I solved it was as follows.

  1. I set the ConsentUrl in IdentityServer to point to an endpoint on my server which needs users to be authenticated. Code snippet below. This goes in the ConfigureServices(IServiceCollection services) method in Startup.

```csharp
services
    .AddIdentityServer(options =>
    {
        options.UserInteraction = new UserInteractionOptions()
        {
            ConsentUrl = "https://.......your_app_end_point_here"
        };
    })
```

  2. When the user comes to the ConsentUrl endpoint, they get redirected to the login page of my app if they were not logged in, as the endpoint only allows authenticated users. My app is an ASP.NET MVC app. After login the users get redirected to the ConsentUrl in my app. Here I get the user to consent to the third-party app. After consent I create a token which I store in our app cache. The user then gets sent to an endpoint on the IdentityServer that I created, which you would need to create anyways. With this redirect I pass the token that was created in my app.

  3. At that endpoint I take that token and check in the app cache to see if the token is valid. Together with this token I store other metadata that IdentityServer can use. If the token is valid, I sign the user in at the identity server, which issues the cookie - HttpContext.SignInAsync(...). This code is available in the quick start already. Here you can then also set the consent info. You can store the token in a DB as well, which the IdentityServer will need access to.

  4. After the sign in is done and all the consent work is done, I redirect the user back to their app based on the url that was passed in.

With this workflow I get the access token and refresh tokens that can be used by the 3rd party app and our API.

Hopefully this gives you what you were after.
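
The hand-off token in steps 2 and 3 is what the IdentityServer endpoint trusts in place of a password, so it should be unguessable, short-lived and usable only once. The sketch below is an added example, not code from the comment above or from IdentityServer4: `HandoffTokenStore` and `Handoff` are hypothetical names, the in-memory dictionary stands in for the shared app cache or DB the comment mentions, and the 60-second lifetime and sample values are constructed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical helper (not an IdentityServer4 type); stands in for the shared cache or DB.
public sealed class HandoffTokenStore
{
    public sealed class Handoff
    {
        public string SubjectId, ReturnUrl;   // authenticated user, and where to send them after sign-in
        public DateTimeOffset ExpiresAt;
    }
    private readonly ConcurrentDictionary<string, Handoff> _pending = new ConcurrentDictionary<string, Handoff>();
    private readonly TimeSpan _lifetime;
    public HandoffTokenStore(TimeSpan lifetime) { _lifetime = lifetime; }
    // Web app side: called after login and consent, just before the redirect to IdentityServer.
    public string Issue(string subjectId, string returnUrl, DateTimeOffset now)
    {
        var bytes = new byte[32];                       // 256 bits from the CSPRNG
        RandomNumberGenerator.Fill(bytes);
        string token = BitConverter.ToString(bytes).Replace("-", "");
        _pending[token] = new Handoff { SubjectId = subjectId, ReturnUrl = returnUrl, ExpiresAt = now + _lifetime };
        return token;
    }
    // IdentityServer side: called by the custom endpoint before it signs the user in.
    public bool TryRedeem(string token, DateTimeOffset now, out Handoff handoff)
    {
        // TryRemove is atomic, so a replayed token finds nothing the second time.
        if (token != null && _pending.TryRemove(token, out handoff) && handoff.ExpiresAt > now)
            return true;
        handoff = null;
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new HandoffTokenStore(TimeSpan.FromSeconds(60));
        var t0 = DateTimeOffset.UtcNow;
        string token = store.Issue("user-123", "/connect/authorize/callback", t0);   // constructed values
        Console.WriteLine(store.TryRedeem(token, t0.AddSeconds(5), out var first));  // first use
        Console.WriteLine(store.TryRedeem(token, t0.AddSeconds(6), out _));          // replay of the same token
        string late = store.Issue("user-123", "/connect/authorize/callback", t0);
        Console.WriteLine(store.TryRedeem(late, t0.AddSeconds(61), out _));          // redeemed after expiry
    }
}
```

Only a successful `TryRedeem` should lead to `HttpContext.SignInAsync(...)`. Before the final redirect in step 4, the stored return URL can be checked with IdentityServer4's `IIdentityServerInteractionService.IsValidReturnUrl` so the endpoint does not become an open redirect.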

@lock

lock bot commented Jan 12, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 12, 2020