How do I use Windows auth with Identity Server 3?

My goal is an Angular app that consumes a web service, with users of the app/web service authenticated using Windows auth. Users should be able to log into a machine on our Windows domain, open a browser and use the Angular app without logging in again.

Research

I downloaded all the source code samples from https://github.com/IdentityServer/IdentityServer3.Samples/

I worked through the Simplest OAuth2 Walkthrough sample. No problems.

I then opened the Web Host (Windows Auth All-In-One) sample. I could restore and build the project after commenting out two lines of code that were causing issues (Clients.cs lines 313 and 359, which set 'AllowAccessTokensViaBrowser=false'; probably not relevant).

When the app was run, I could see the IdentityServer3 landing page on localhost:44333. Great.

I could also see the Windows authentication service metadata (A SAML document) on localhost:44333/windows. Also, great.

The problem is, I don't know what to do next. This document seems to suggest that the next step involves writing a client that makes a call to the Windows authentication service to get a token:

http://github.com/IdentityServer/IdentityServer3/issues/1463

Is this the right approach? I can't make the code sample work. I am not even sure I am pointing the OAuth2Client at the right place. Please can someone explain this process, or point me to an example with a working client? Thank you in advance for your help :)

EDIT

I have been doing some further research. I have checked the logs of the Identity server to make sure that the 'Adding WS-Federation endpoint' operation completes during configuration. It does.

Then I created a simple console app to call the Windows authentication service, as suggested here: github.com/IdentityServer/IdentityServer3/issues/2318

Having imported Thinktecture.IdentityModel.Client, I modified the code on that page to fit my port numbers etc., and I ended up with this:

   using System;
   using System.Net.Http;
   using Thinktecture.IdentityModel.Client;

   // Send the logged-on Windows user's credentials with every request
   var handler = new HttpClientHandler
   {
       UseDefaultCredentials = true
   };

   // Point the client at the Windows auth service's token endpoint
   var oauthClient = new OAuth2Client(
                    new Uri("https://localhost:44333/windows/token"),
                    handler);

   // Ask for a token using the custom "windows" grant
   var result = oauthClient.RequestCustomGrantAsync("windows").Result;

My result object still has a HttpErrorStatusCode of NotFound, which makes me sad.

ANOTHER EDIT

I tried pointing the client at the Identity server endpoint, as suggested below by Branimir. So my code now reads:

   var oauthClient = new OAuth2Client(
                    new Uri("https://localhost:44333/connect/token"),
                    handler);

This does not work either. This is what the Identity server logs say:

Start token request
iisexpress.exe Information: 0 : 04/27/2016 20:35:23 +01:00 [Information] (IdentityServer3.Core.Validation.SecretParser)
 Parser found no secret
iisexpress.exe Information: 0 : 04/27/2016 20:35:23 +01:00 [Information] (IdentityServer3.Core.Validation.ClientSecretValidator)
 No client secret found
iisexpress.exe Information: 0 : 04/27/2016 20:35:23 +01:00 [Information] (IdentityServer3.Core.Endpoints.TokenEndpointController)
 End token request
iisexpress.exe Information: 0 : 04/27/2016 20:35:23 +01:00 [Information] (IdentityServer3.Core.Results.TokenErrorResult)
 Returning error: invalid_client

So I am no further forward.

Oleograph answered 27/4, 2016 at 9:51

Did you check the URL? I downloaded the same code and it looks like the endpoint is localhost:44333/connect/token, but I still don't know how to use it. (Holds)

Thanks Branimir, I just tried using that URL and it did not work for me. I have edited my question to mention this. If you make any progress, please let me know. (Oleograph)

Why do you want to use the token endpoint at all - simply do OAuth/OpenID Connect implicit flow. This will authenticate the user automatically using Windows authentication.

Blinding answered 29/4, 2016 at 12:14

Thank you for the answer. I am a newcomer to this area so I appreciate the help. If you know of any good Windows Auth + Identity Server tutorials, I would be grateful. (Oleograph)

After some experiments, I managed to find a solution using implicit flow. I have posted my solution on github with a walkthrough (github.com/mark-truran/ID3WINDOWSAUTH). (Oleograph)

I downvoted the answer because it's basically a snarky remark. However, it apparently guided the original poster to the right answer, who graciously gave us a link so we can figure this out. Thank you, Mark. (Begonia)
