Experiments with IdentityServer4
- The IdentityServer4 host is set up with in-memory clients and API resources. Dumb implementations of Profile and ResourceOwnerValidators are set up for the time being.
- Auth against the `/connect/token` endpoint (more info here: http://docs.identityserver.io/en/release/endpoints/token.html).
- Pass the access token to the endpoint needing authentication in the `sessionToken` header. This overrides the default behaviour defined by the `IdentityServer4.AccessTokenValidation` package, which is to read the `Authorization` header. Behaviour is overridden by setting a custom `TokenRetriever` method when invoking `UseIdentityServerAuthentication` in `Startup`.
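
A sketch of the `TokenRetriever` override described above, added here as an illustration and not taken from this repository's code. It assumes the middleware-style registration that `UseIdentityServerAuthentication` implies; the `Authority` URL, the `ApiName` value and the `FromSessionTokenHeader` helper name are assumptions.

```csharp
using IdentityServer4.AccessTokenValidation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Primitives;

public class Startup
{
    // Header name taken from the description above.
    private const string SessionTokenHeader = "sessionToken";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
        {
            Authority = "http://localhost:5000", // assumed address of the IdentityServer4 host
            RequireHttpsMetadata = false,        // assumed: plain-HTTP local experiment only
            ApiName = "api1",                    // assumed API resource name
            // Replaces the package default, which reads the Authorization header.
            TokenRetriever = FromSessionTokenHeader
        });

        app.UseMvc();
    }

    // Hypothetical helper: returns the raw access token, or null when no usable token is present.
    private static string FromSessionTokenHeader(HttpRequest request)
    {
        StringValues values;
        if (!request.Headers.TryGetValue(SessionTokenHeader, out values))
            return null;

        // Reject repeated headers instead of guessing which value the client meant.
        if (values.Count != 1)
            return null;

        var token = values[0]?.Trim();
        return string.IsNullOrEmpty(token) ? null : token;
    }
}
```

Because the token no longer travels in `Authorization`, any proxy or logging rule that redacts that header needs an equivalent rule for `sessionToken`.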