I have implemented an Identity Server4 and it looks great. Now, I have a requirement to connect a native mobile app(xamarin) to it.Most of the blogs and discussions suggest to use either "Authorization Code" or "Hybrid" flow, and the xamarin example in the github uses "Implicit" flow.
I have been through this documentation on Authorization flow and it does not talk anything about username or password. https://identityserver4.readthedocs.io/en/release/endpoints/authorize.html
What I need is to allow the user to supply his/her username and password to the authentication server, and the server should ultimately give back the access code.
There are two "mindsets" -
a) the login UI is native in the application
b) the login UI is rendered from the OpenID Connect in a browser
Generally b) is recommended - check the spec:
https://tools.ietf.org/wg/oauth/draft-ietf-oauth-native-apps/
I also did a talk about that last year:
If you absolutely don't want the redirect/server-based approach, then research the "resource owner password grant" - e.g. here:
https://identityserver4.readthedocs.io/en/release/quickstarts/2_resource_owner_passwords.html
But, I would not recommend it.