Reputation: 4289
Identity Server 4 - using identity resources and API resources
I am setting up Identity Server 4, and I am not getting the relationship between scopes, API Resources, and Identity Resources. My understanding was that an API Resource could hold the collection of scopes, and the Identity Resource could hold the possible claims.
I call /connect/token to get a JWT, and it seems to only use the scope if I have defined it as a client attribute. Also, it only seems to return claims that I have directly added to the client.
What is the purpose of Identity Resources, and API Resources?
Upvotes: 3
Views: 1093
Answers (1)
Reputation: 2394
Best definition for Identity Resources is on IDS4 docs:
An identity resource is a named group of claims that can be requested using the scope parameter.
API Resources are a solution to grouping the scopes, per IDS4 docs they give us these additional features too
- support for the JWT aud claim. The value(s) of the audience claim will be the name of the API resource(s)
- support for adding common user claims across all contained scopes
- support for introspection by assigning a API secret to the resource
- support for configuring the access token signing algorithm for the resource
Upvotes: 0
Related Questions
- IdenityServer: API resources and scopes
- identity server 4 as a API and web project
- Requesting an API resource from Identity Server 4 without scopes
- User Authentication through API using IdentityServer4
- OpenID Connect and IdentityServer4: APIs vs scopes
- Identity server 4 and api application
- Identity Server 4 reference token and security
- Identity Server 4 internal API
- Identity Server 4 and web api for user management
- Register IIdentityServerInteractionService in Identity Server 4 for OpenID Connect