0

There is a desktop application connects to an API server which this API server has been defined as a IdentityServer4.Models.ApiResource in the authentication server. Also, there is a web application (a IdentityServer4.Models.Client) that this desktop application is willing to show in its web-view form (using QWebEngineView in Qt).

The user in that desktop application connects to the authentication server (using GrantTypes.ResourceOwnerPasswordAndClientCredentials) when he/she want to communicate with the API server. From then the authentication token passes through a bearer header.

So, we have these applications:

  • authentication server
  • standalone web application (use authentication server for authentication)
  • API server
  • desktop application (connects to the API server and willing to show the web server in itself)

How is it possible to for the web application inside that desktop application to recognize the user and not to ask for her user and password again after successfully connected to the API server?

Babak
  • 3,716
  • 6
  • 39
  • 56
  • Can you explain what do you mean by web server inside desktop application? Do you mean web application client? – Aeseir Feb 12 '18 at 02:02
  • @Aeseir , yes, you are right. It's a standalone web application. I updated the question. – Babak Feb 12 '18 at 07:22

1 Answers1

1

In desktop app You have to store (in file system e.g.) an access_token and maybe a refresh_token for future usage. And when user runs the app, You just check an access_token and It is valid You should use that token without login/pass request. In my opinion, It is never mind, how Your desktop app works specifically - web-view form, or clearly native. Desktop app should to store tokens.

Artem
  • 487
  • 1
  • 8
  • 19