How to generate a custom authentication token in Orchard Core (Server-to-Server)

[MarGraz]

I have an Orchard Core 2.1.2 microservice that acts as an SSO (Single Sign-On) for other microservices and uses the built-in OpenIddict features. Now, I need to integrate a custom server-to-server authentication flow.

Basically, when receiving a request from an external server, after performing some custom validations, I need to generate an authentication token for a pre-registered user (identified by their ID or email) in the SSO microservice. This token would grant the user access.

How can I achieve this within Orchard Core?

Thank you

[MarGraz]

Hi guys, sorry for the direct mention @Piedone, @MikeAlhayek, @kevinchalet, do you have any idea on how can I do a custom authentication?

[kevinchalet]

I'm afraid custom grants is not something we offer in OrchardCore, that focuses on the standard flows (the closest we do support is the client credentials grant).

[MarGraz]

Thank you for your reply @kevinchalet.

With the "client credentials grant", when we receive a request from an external server, is possible to perform some custom validations, and then generate an authentication token for a pre-registered user (identified by their ID or email) in the SSO microservice? This token would grant the user access.

As you said, seems not possible. Otherwise how can we achieve this, or doing something similar?

Thank you for your time

[weirdyang]

Maybe use the SecurityTokenService

OrchardCore/src/OrchardCore.Modules/OrchardCore.Workflows/Services/SecurityTokenService.cs

Line 7 in 4d46493

public class SecurityTokenService : ISecurityTokenService