ASP.NET Core Identity provides common Authentication features such as a registering a new user with email verification, multi-factor authentication, using external authentication providers such as Google & Facebook, and much more. ASP.NET Core Identity maintains its own database tables, and can be seen as somewhat of an enclosed isolated system.
However, ASP.NET Core Identity has, from the start, been intended to be used to provide a web-based user interface. But, what if we want to integrate many of those features via a WebAPI? Perhaps later, we might even want to take advantage of the provided user interfaces…
Introducing IdentityServer4. IdentityServer4 is designed to provide Authentication as a Service & Access Control for APIs. IdentityServer can be used to get the access tokens needed to consume our webapi.
Turns out IdentityServer4 is able to use the tables provided by ASP.NET Core Identity (see ASP.NET Identity Support). Combining these two let’s us implement a perfect solution from 5 years ago posted here, now in just a few lines of code.