Not completely new, but re-designed.
In IdentityServer3, we used the user service for both interactive as well as non-interactive authentication. In IdentityServer4, the interactive authentication is done by the UI.
OAuth 2 resource owner password validation is disabled by default – but you can add support for it by implementing and registering the IResourceOwnerPasswordValidator interface.
This gives you more flexibility as in IdentityServer3 since you get access to the raw request and you have more control over the token response via the new GrantValidationResult.
Filed under: ASP.NET, IdentityServer, OAuth, WebAPI
