I have a website where an administrator manages the user accounts (membership), assigns permissions etc. It is built with ASP.NET v4.6, Owin, ASP.NET Identity, Entity Framework & WebApi, with an AngularJS front end. The user logs into a page which (based on the examples on bitoftech.net) calls a token end point and if successful, gets a JWT token, which then authorizes him/her to access the API. It works well.
I'm upgrading to ASP.NET v5, and from what I can tell, there is no OAuth2 authorization server middleware that I would need to do this.
Dominick Baier (who I hope reads this!) pointed me to the AspNet5 sample for Identity Server v3. From what I can tell:
- There is no 'token end point' - you log in through the Identity Server login: I don't want users to do that.
- You then authorise clients to access your data: I don't want this functionality.
Basically, this is not what I am looking for; this looks like letting users control which apps/clients can access their data/claims, the kind of thing Facebook uses. All I am trying to do is replace a normal Http cookie with a JWT token, because I'm using AngularJS and am using bearer tokens. But every time I research how to do this I end up being pointed to Identity Server V3. So really, my question is, is Identity Server V3 the right tool for what I need, and if so, could you PLEASE point me to a working resource/sample/tutorial that shows how this would be done.
