Managing Authorization Server Clients
These are virtual Authorization brokers that take up the task of mediating the authorization between the client applications and the authorization server
The data persistence is done to "ClientDetails" table
The Authorization server cannot be requested without the above given client.
There may be many clients for a single tenant for ex
Mobile Client that can be used with the Implicit flow
Web Client that can be used with the Authorization Code flow
There are many ways to configure the clients
In case of very minimal customization required per client of a type [Ex: Code / Implicit], the redirect uri's can be appended to in the DB to enable many apps to re-use a client.
In case of different application types to be configured and used with varying configuration, the right approach would be to create different clients for the different apps
Ex: An angular front end app may not have a refresh_token flow configuration where as a mobile app will require a refresh_token and with an offline_access setting
In the Startup.cs file for the web / web api project, provide the correct clientid in LOWERCASE and also update the "AuthIssuer" value in "AppSettings" section of the web.config files.
In case of a very trusted and fine-grained control / flexible system requirement, follow the steps outlined in the following article
In case of any other details or clarifications, please feel free to write to us @ firstname.lastname@example.org.