Our Aurelia application uses .NET Core 2.1, protected by default, and therefore Microsoft Identity using Claims is implemented as the standard solution, though this does not cover out of the box all that is necessary to implement a secure Single Sign On capability. This would be extremely useful where other Aurelia and non-Aurelia applications are managed in the Enterprise. Microsoft Identity essentially changes the Aurelia Single Page Application (SPA) into a multi-page application secured by their system, using a login challenge on a protected route, and authentication/authorization occur when the credentials are presented. Clearly, the Login, Logout, Access Denied and Forgot Password pages remain unprotected, which is fine since .NET Core Identity is inherently secure whilst the .NET Core framework handles challenge results, cookies, session state etc. These pages can be easily customised, so the Forgot Password page could quickly be authorised to stop forgotten passwords being changed if needed.
The only open source package which appears to cover Single Sign On satisfactorily is IdentityServer4, which uses OpenID Connect and OAuth2 to handle the necessary tokens for a range of flows (e.g. authorization code flow, implicit flow, hybrid flow), and writing these into an application can be problematic. Has anyone done this yet? Does it work?