There are two types of authentication, cookie and bearer. Where the cookie keeps you logged in, the bearer token can’t. Because the bearer token is set to expire at some point, without allowing you to change the lifetime. The only way to access the resource (api) after the access token expires is to either let … Read more
Scopes listed under IdentityResources are the scopes that will be included in the ID token. ApiScopes is what you ask for as a client and as a user, you give consent to. Optionally, one or more ApiResources can be associated with an ApiScope. The ApiScope and ApiResources control what is included in the access token. … Read more
Update – IdentityServer 4 has changed and replaced IUserService with IResourceOwnerPasswordValidator and IProfileService I used my UserRepository to get all the user data from the database. This is injected (DI) into the constructors, and defined in Startup.cs. I also created the following classes for identity server (which is also injected): First define ResourceOwnerPasswordValidator.cs: public class … Read more
The problem is that the claims are not added to the access token. There are two tokens, the access token and the identity token. When you want to add claims to the identity token, then you’ll have to configure the IdentityResource. If you want to add claims to the access token, then you’ll have to … Read more