
I am trying to implement an alternative strategy to onboard and authenticate users who do not want to use social sign-in and want to use username- and password-based authentication.

My authentication server is written in Node.js with Passport.js and Express.js. It returns a JWT token if authentication is successful using OpenID Connect.

My question is: how does local authentication sit with external authentication in such a setup?

I thought of using resource owner password credentials (ROPC) for local authentication and making the web app pass credentials to the authentication server using this flow.

The advantage of this ROPC local authentication is that the authorisation server can support both local authentication and social logins using OAuth.

Is it good practice, or should local authentication just be a simple non-OpenID Connect solution?

Technoshaft

0 Answers