Hello, I've encountered a small dilemma regarding architecture. I have two separate applications and one Identity Server4 Application. One of the applications is an AspNet core 2.1 API solution running on a different domain and server, as well as the other two. Now, here are the key points that are causing my confusion:
- I have added my Client Application (which is Vue.js SPA) as a client in Identity Server4 with Implicit mode since it is a JavaScript client.
- Do I need to add the API application as a client in the IDP Server?
- If yes, then how do I call any API from Vue.js using Axios? When logging in from the Vue.js application, it will receive the Token for this client which will be used to display or hide buttons and sections on the web page.
- I am unsure whether to use the Claims received for the vue.js client to validate the API.
- If I register the API as a client in Identity Server 4, how can I invoke the API from the Vue.js client application?