I use IdentityServer4 to issue JWTs for my clients to access different API servers.
Now we experimented with passwordless login by sending the client a OneTimePassword, which he has to show back to the server in order to get an access_token in exchange.
But I don't find any way to create an IdentityServer4-compliant JWT manually. I've seen the IdentityServerTools providing IssueJwtAsync and IssueClientJwtAsync. But the first one lacks the option to specify an audience, which makes the generated JWT fail validation when presented back to the API server. The other method lacks the option to embed Claims, so I get a token that doesn't belong to anybody (no user information in the sub field).
So my question is: if I've got a ready-to-use IdentityUser at hand, who is trusted by submitting a OneTimePassword, how would I now generate a valid JWT token for this IdentityUser?
As far as I can tell, this is not something I can work around with the Token endpoint provided by IdentityServer, right? But obviously this is done somehow inside of IdentityServer when using the Token endpoint...
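The usual IdentityServer4 mechanism for letting the token endpoint mint a user token for a credential it does not know about natively (here, a one-time password) is an extension grant: the client posts a custom `grant_type` to `/connect/token`, a validator checks the credential and returns the subject, and IdentityServer then builds the access token exactly as it would for the password grant, including the `aud` for the requested scopes and the `sub` and extra claims. The following is an added example, not code from the question or from IdentityServer4 itself; the grant name `otp`, the `IOtpStore` interface, the `username`/`otp` request parameters and the `otp-client` client registration are assumptions chosen for illustration.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Assumed interface: your own one-time-password store. A real implementation
// must make codes single-use and short-lived, and rate-limit attempts per user.
public interface IOtpStore
{
    // Returns true once, and only once, for a valid unexpired code for this user.
    Task<bool> ConsumeAsync(string userId, string otp);
}

// Extension grant "otp" (assumed name). The client calls
//   POST /connect/token  grant_type=otp&username=...&otp=...&scope=api1
// with its client_id/client_secret, and IdentityServer issues a normal
// access token whose sub is the user id and whose aud matches the scopes.
public class OtpGrantValidator : IExtensionGrantValidator
{
    private readonly UserManager<IdentityUser> _users;
    private readonly IOtpStore _otps;

    public OtpGrantValidator(UserManager<IdentityUser> users, IOtpStore otps)
    {
        _users = users;
        _otps = otps;
    }

    // Must appear in Client.AllowedGrantTypes for every client allowed to use it.
    public string GrantType => "otp";

    public async Task ValidateAsync(ExtensionGrantValidationContext context)
    {
        // Raw holds the form parameters of the token request.
        var username = context.Request.Raw.Get("username");
        var otp = context.Request.Raw.Get("otp");

        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(otp))
        {
            context.Result = new GrantValidationResult(
                TokenRequestErrors.InvalidRequest, "username and otp are required");
            return;
        }

        var user = await _users.FindByNameAsync(username);

        // Same error for an unknown user and a wrong code, so the endpoint
        // does not reveal which usernames exist.
        if (user == null || !await _otps.ConsumeAsync(user.Id, otp))
        {
            context.Result = new GrantValidationResult(
                TokenRequestErrors.InvalidGrant, "invalid one-time password");
            return;
        }

        // Success: subject becomes "sub"; authenticationMethod becomes "amr";
        // extra claims are added through the usual profile service pipeline.
        context.Result = new GrantValidationResult(
            subject: user.Id,
            authenticationMethod: "otp",
            claims: new[] { new Claim("name", user.UserName) });
    }
}

public static class OtpGrantSetup
{
    // Registers the validator with IdentityServer (call from Startup.ConfigureServices).
    public static IIdentityServerBuilder AddOtpGrant(this IIdentityServerBuilder builder)
        => builder.AddExtensionGrantValidator<OtpGrantValidator>();

    // Assumed client definition: only clients that list the grant may use it.
    public static Client OtpClient() => new Client
    {
        ClientId = "otp-client",
        ClientSecrets = { new Secret("replace-me".Sha256()) },
        AllowedGrantTypes = { "otp" },
        AllowedScopes = { "api1" },
        AccessTokenLifetime = 600
    };
}
```

Because the token is produced by the token endpoint rather than built by hand, its `iss`, `aud`, `exp`, signing key and `sub` are all consistent with what the API servers already validate, and the client still has to authenticate with its own secret before the grant is even examined.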