How to Get token from Duende Identity Server (IdentityServer4)

Question

There are a few days I am reading the Duende Identity server (IdentityServer4) so I know about the different concepts and their usages such as Scopes, Resources, Client ...

The area I am confused about it is the clients. So I integrated the AspIdentity as an ApplicationUser in the IdentityServer (you can find the configs below in the code sections) but when I want to call the /connect/token which is a pre-defined endpoint from Duende, it needs to add ClientId and Secret but I want to use Username and the password of my registered user.

So the idea that comes to my mind is to Create a custom endpoint: after validating the user's credentials using SignInManager then I will find the Users client and then sign in to the Duende IdentityServer however I tried to do that but it is a bit inconvenience way to have an HTTP-call again to the same service to get the token of the User.

 builder.Services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlite(connectionString));

        builder.Services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        builder.Services.AddSwaggerGen();

        builder.Services
            .AddIdentityServer(options =>
            {
                options.Events.RaiseErrorEvents = true;
                options.Events.RaiseInformationEvents = true;
                options.Events.RaiseFailureEvents = true;
                options.Events.RaiseSuccessEvents = true;
                options.EmitStaticAudienceClaim = true;
            })
            .AddAspNetIdentity<ApplicationUser>()
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = b =>
                    b.UseSqlite(connectionString, dbOpts => dbOpts.MigrationsAssembly(typeof(Program).Assembly.FullName));
            })
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = b =>
                    b.UseSqlite(connectionString, dbOpts => dbOpts.MigrationsAssembly(typeof(Program).Assembly.FullName));

                options.EnableTokenCleanup = true;
                options.RemoveConsumedTokens = true;
            });


        builder.Services.AddAuthentication();

if I can solve this issue in a convenient way so the other steps are very obvious and straightforward.

Answer 1

The clientID and secrets are meant to identify the application that wants to connect to IdentityServer and not the user; why can you not use clientID/secret for what it is intended for?

Also, the main purpose of OpenID connect is to not let the client application ever touch or see the user's username/password. That is why we delegate the authentication to IdentityServer.

Answer 2

Clients in Identity Server are the type of plateforms or applications which will use this Identity server and request authentication from this Identity Server. You can register an many clients you want. You can also specify what amount of information you will share with which client Read this article for better understanding. https://docs.duendesoftware.com/identityserver/v6/fundamentals/clients/

When you are making authentication request from any application you have to specify the client so that the Identity Server can check the details about the scopes, Resources, redirect urls of the specified client and then handle the request accordingly.

basically sending client details just specifies that this application is registered to request token from the Identity Server.