
We have a .NET Framework 4.6.1 app (not MVC) and want to integrate IdentityServer as an IdP to facilitate SSO with other sites. Say our app is our-app.com and we want to have our users automatically logged in to external-app.com. external-app.com supports OpenId Connect and needs to be able to read some user data from users logged in to our-app.com (firstname, lastname, email to be exact).

our-app.com has a login mechanism that not only authenticates users, but also does two-factor authentication and performs a number of other functions to set session data about the user. These functions use business logic classes that are deeply integrated into the codebase.

Is it possible to achieve this without moving the login functions to IdentityServer? Can we somehow use the OIDC Resource Owner Password flow at some point in the login process to create a session in IdentityServer that external sites will be able to recognize? Or will we need to move all login and related business logic into IdentityServer?

New to OAuth2 and OIDC so any advice is greatly appreciated.

I've set up Duende IdentityServer and am able to make an HTTP call to it using the /connect/token OIDC endpoint, passing ClientId, ClientSecret, scope, username & password. I get a token back. Does this mean that an external site will now be able to hit IdentityServer OIDC endpoints and get data about the logged-in user?

jonny808
