Justification
When it comes to Identity Server 4, I hit a roadblock when I think about user management design in client applications.
At this point, I installed Identity Server using ASP Identity user accounts as the repository for my users.
I created a user interface for adding users to the Identity Server user store.
I tested the setup of the client, which is an MVC application, and I am at a point where I can successfully authenticate with Identity Server and get the OpenID authentication token in my client application.
Identity Server provides authentication for my client application.
Now I need to focus on authorization in my application. That's where I'm stuck: I need to create users local to the application, where user privileges are stored in the application.
I will need to associate a user in Identity Server with a user in a client application.
One way to do this is to save the sub from the ID token against the application user in the client application database (ASP.NET Identity). That way, when the user authenticates, I can find them in the local DB based on the sub in the token.
Sub must be a unique user identifier in the identity server user repository. Thus, if the user email address is changed, we can still link the two user accounts.
EDIT
Claims from the IDP, for example:
- "clientA_role": "administrator"
- "clientB_role": ""
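The linking approach described in the question (store the sub from the ID token on the local user, then look the user up by it on each sign-in and attach application-level roles) as an added example; this is not code from the original post or from the IdentityServer4 project. It assumes an ASP.NET Core MVC client using the OpenIdConnect handler together with ASP.NET Core Identity; `AppUser`, `AppDbContext`, `ExternalSubject`, `OidcUserLinking` and the `local_user_id` claim are hypothetical names chosen for the example.

```csharp
// Added example (not part of the original post): link an IdentityServer user to a
// local application user by the immutable "sub" claim and attach local roles.
// Hypothetical names: AppUser, AppDbContext, ExternalSubject, OidcUserLinking.
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

public class AppUser : IdentityUser
{
    // The IdentityServer subject identifier. It is unique and does not change
    // when the e-mail address does, so it is the key that links the two stores.
    public string ExternalSubject { get; set; }
}

public class AppDbContext : IdentityDbContext<AppUser>
{
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }

    protected override void OnModelCreating(ModelBuilder builder)
    {
        base.OnModelCreating(builder);
        // Enforce one local account per subject at the database level.
        builder.Entity<AppUser>().HasIndex(u => u.ExternalSubject).IsUnique();
    }
}

public static class OidcUserLinking
{
    public static void Configure(OpenIdConnectOptions options)
    {
        options.Events.OnTokenValidated = async ctx =>
        {
            // "sub" may have been mapped to NameIdentifier by the default
            // inbound claim type map, so check both.
            var sub = ctx.Principal.FindFirst("sub")?.Value
                      ?? ctx.Principal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
            if (string.IsNullOrEmpty(sub))
            {
                ctx.Fail("ID token carries no subject claim");
                return;
            }

            var userManager = ctx.HttpContext.RequestServices
                .GetRequiredService<UserManager<AppUser>>();

            // Look the local user up by sub, never by e-mail.
            var local = await userManager.Users
                .SingleOrDefaultAsync(u => u.ExternalSubject == sub);

            if (local == null)
            {
                // First sign-in: provision the local account and link it by sub.
                // The e-mail is copied for display only and is not used as a key.
                local = new AppUser
                {
                    UserName = sub,
                    Email = ctx.Principal.FindFirst("email")?.Value,
                    ExternalSubject = sub
                };
                var result = await userManager.CreateAsync(local);
                if (!result.Succeeded)
                {
                    ctx.Fail("could not provision local user");
                    return;
                }
            }

            // Authorization data comes from the client's own store, not the IDP.
            var roles = await userManager.GetRolesAsync(local);
            var identity = (ClaimsIdentity)ctx.Principal.Identity;
            identity.AddClaim(new Claim("local_user_id", local.Id));
            foreach (var role in roles)
                identity.AddClaim(new Claim(ClaimTypes.Role, role));
        };
    }
}
```

Wire it up in `Startup.ConfigureServices` with `services.AddAuthentication(...).AddOpenIdConnect(o => { /* authority, client id, scopes */ OidcUserLinking.Configure(o); })`. The roles are added to the principal that the cookie handler persists, so `[Authorize(Roles = "administrator")]` in the MVC client evaluates against the application's own role store rather than against whatever the IDP put in the token; the unique index on `ExternalSubject` guards against two local accounts being created for one subject if the same user signs in concurrently before the first provisioning completes.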