API authentication with ADFS and Angular.js

Question

I'm tried to build a new rich application and i'm having some problems designing the authentication process.

I've only two requirements :

1. An API needs to be available
2. An ADFS needs to be used to authentication

My first thoughts was to build the API and to use Angular.js for the frontend. However, I can't see how the authentication should work.

My API needs to be available though scripts. As far as I saw, the ADFS authentication always display t the webpage for the authentication process.

API are usually secured with OAuth2. We used an client id and a client secret to generate a token. But I can't have this behavior with an ADFS.

The only solution I see is to provide two authentications behavior with my application. One with the ADFS for the web access and in the web interface, add a possibility to generate a client id and a client secret associated with an user account that could be used for the API to the headless authentication.

Someone has already faced this kind of scenario?

Thanks a lot!

Answer 1

I assume the 'ADFS needs to be used for authentication' really means 'users should be able to use their Active Directory domain credentials to authenticate'.

If that is the case, you should take a look at Thinktecture IdentityServer. It's an OAuth2 authorization server that you can use with a Active Directory identity provider.

P.S. ADFS 3.0 that comes with Windows 2012R2 only supports the authorization code grant, which is not suitable for JavaScript apps.