I have two web applications that need functionality for Authentication And Authorization. The server side runs Asp.NET Core 3.0, client side runs Angular and I intend to implement IdentityServer with a Proof Key for Code Exchange (PKCE) flow. Official IdentityServer documentation (https://identityserver4.readthedocs.io) refers to package IdentityServer4 while the dotnet templates (https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-3.0) use Microsoft.AspNetCore.ApiAuthorization.IdentityServer . I can't find a proper description of the latter package, it is listed as an implementation of IdentityServer. However the configuration methods available between the two packages is different.
I would like to run IdentityServer as middleware in my web application, and issue the PKCE secret doing the authentication and authorization in full. I am not sure if IdentityServer4 can run as middleware in my main application or needs to be middleware in its own application, and am not sure if Microsoft.AspNetCore.ApiAuthorization.IdentityServer supports PKCE flow.
Which package meets both my requirements?
