I am trying to use IdentityServer4 in a new project. I saw in PluralSight's "Understanding ASP.NET Core Security" video that IdentityServer4 can be used with claims-based security to protect web APIs. I installed my IdentityServer4 as a standalone project / solution.
I also saw that you can add IProfileService to add custom claims to the token that is returned by IdentityServer4.
One plan is to add new requirements to users in order to give them access to various parts of the api. However, I cannot figure out how to manage user statements on IdentityServer from an api project. I assume I should call IdentotyServer4 to add and delete user statements?
In addition, this is a good approach in general, since I'm not sure that it allows customers to add claims to IdentityServer for their own internal security purposes, it makes sense - and can cause conflicts (for example, several clients using the "role" requirement with the value "admin" ) Perhaps I should handle security locally inside the api project, and then just use the sub sub request to view them?
Does anyone have a good approach for this?
thank