Reputation: 2994
IdenityServer: API resources and scopes
My understanding is that a Client is allowed to access ome or more ApiScope and an ApiScop is linked to many ApiResources the names of which become the values of the audience claims.
I.e., 1 client -> many API scopes and 1 API scope -> many API resources
However, people talk about ApiResources having ApiScopes (not scopes having resources) which does not seem to be how the model works.
How is it supposed to work? Is there any documentation?
Upvotes: 2
Views: 520
Answers (1)
Reputation: 19981
When you define an ApiResource, you add what ApiScopes it belongs to.
Like in this code, where Scopes below is tied to two ApiScopes.
var invoiceApi = new ApiResource()
{
Name = "invoiceapi",
Description = "This is the invoice Api-resource description",
Enabled = true,
DisplayName = "Invoice API Service",
Scopes = new List<string> { "invoice", "manager" },
};
Also, do see my answer here:
ApiResource vs ApiScope vs IdentityResource
To complement this answer, I write a blog post that goes into more detail about this topic: IdentityServer – IdentityResource vs. ApiResource vs. ApiScope
Upvotes: 3
Related Questions
- Understanding the IdentityServer and API communication
- identity server 4 as a API and web project
- Identity Server Confusion
- Identity server 4 and api application
- How to use IdentityServer4 scopes in resource api
- Identity Server 4 internal API
- Identity Server 4 and web api for user management
- Do IdentityServer4 API Resources require a secret?
- IdentityServer 4 as a web API
- Multiple Api Resource