Now we can add clients. Modify the ConfigureServices method in Startup:
The code defines a client without a client secret. If you need a client secret, follow the Secrets document. AllowOfflineAccess is set to true, which means a refresh token will be issued for every token request. By default, refresh tokens are kept in memory. Later we will learn how to support other storage options.
Add Resource Owner Password Validator
IdentityServer doesn’t know your resource owners’ credentials. You need to provide your own IResourceOwnerPasswordValidator implementation. The example below hard-codes the username and password, but you can inject your own user repository and do similar validation.
Then we should tell IdentityServer to use our implementation.
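One way to do the repository-backed validation mentioned above, as an added example rather than code from the original tutorial. It assumes the IdentityServer4 namespaces; IUserRepository, UserRecord and RepositoryPasswordValidator are hypothetical names, and the stored password hash is assumed to be PBKDF2-HMAC-SHA256.

```csharp
using System.Security.Cryptography;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;

// Hypothetical user record and store; not part of IdentityServer.
public class UserRecord
{
    public string SubjectId { get; set; }
    public byte[] Salt { get; set; }
    public byte[] PasswordHash { get; set; } // PBKDF2 output stored at registration
    public int Iterations { get; set; }
}

public interface IUserRepository
{
    Task<UserRecord> FindByUserNameAsync(string userName);
}

public class RepositoryPasswordValidator : IResourceOwnerPasswordValidator
{
    private readonly IUserRepository _users;
    public RepositoryPasswordValidator(IUserRepository users) => _users = users;

    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        var user = await _users.FindByUserNameAsync(context.UserName);
        if (user != null && !string.IsNullOrEmpty(context.Password) && Verify(context.Password, user))
        {
            // "pwd" is the standard amr value for password authentication.
            context.Result = new GrantValidationResult(user.SubjectId, "pwd");
            return;
        }
        // Same error for an unknown user and a wrong password.
        context.Result = new GrantValidationResult(
            TokenRequestErrors.InvalidGrant, "invalid username or password");
    }

    private static bool Verify(string password, UserRecord user)
    {
        using (var kdf = new Rfc2898DeriveBytes(
            password, user.Salt, user.Iterations, HashAlgorithmName.SHA256))
        {
            var candidate = kdf.GetBytes(user.PasswordHash.Length);
            // Constant-time comparison of the derived hash with the stored one.
            return CryptographicOperations.FixedTimeEquals(candidate, user.PasswordHash);
        }
    }
}
// Registration in ConfigureServices, chained after AddIdentityServer():
//   .AddResourceOwnerValidator<RepositoryPasswordValidator>()
```

The unknown-user path returns without running the key derivation, so response time can still differ between existing and non-existing usernames; deriving against a fixed dummy record in that branch evens it out.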
Token Request
The token request endpoint is /connect/token. You can use the following cURL command to request a token. (PS: Change the port to match yours.) You can also import the cURL command into Postman, or learn more about cURL and experiment with it.
When you get a JWT, go to https://jwt.io to inspect the details embedded in it.
And here is the cURL script to use the refresh token. (PS: change the refresh token to a valid one.)
Custom Claims
You can add custom claims like this.
But you need to tell IdentityServer to add them to your JWT.