IdentityServer4 Protecting Web API Using Client Credentials - Implement IClientStore And IResourceStore
In this article, we will implement an IdentityServer4 to protect a Web API with client credentials. Client Credentials Flow: Client credential flow suitable internal communication between that application. In this flow application request the IdentityServer jwt access token to consume the protected API resources. Client Credential flow requires 'ClientId', 'ClientSecret' for authentication. Clients are applications that want to consume the protected API by the IdentiyServer. Each client should register with IdentiyServer. So IdentityServer stores client information like 'ClientId'(unique identifier), 'ClientSecrets', 'Scopes' etc. So clients using 'ClientId', 'ClientSecret', 'Scopes'(optional) can request the IdentityServer as a trust client to get the JWT token. Protected API's are registered under IdentityServer as 'ApiResoucers' with set of 'Scopes'. So any client to access the protected API, then cl