
ApiResource vs ApiScope vs IdentityResource

I've read the IdentityServer4 documentation, but I can't understand what the exact difference is between these three concepts (ApiResource vs ApiScope vs IdentityResource).

1- As it is said in the documentation, API Scope models an OAuth scope, and API Resource models an API resource. So what is the difference between the OAuth scope and the API resource?

2- Also, as I understand from this section of the document, in AllowsScope of the client definition in Identity Server, we must add IdentityResources. So what is the exact usage of Identity resources?

3- If I add some IdentityResources to the client AllowsScopes, how can I see these resources in the client?

I am a beginner in Identity Server, which means that my questions are maybe elementary, but please answer them. I've searched a lot, and nowhere explains these concepts completely. For example, here is the definition of Identity resource!

Happy Developer asked Sep 09 '20 11:09



1 Answer

Scopes listed under IdentityResources are the scopes that will be included in the ID-token.

ApiScopes are what you ask for as a client and what you, as a user, give consent to. Optionally, one or more ApiResources can be associated with an ApiScope.

The ApiScope and ApiResources control what is included in the access token. ApiResources point out what the aud claim in the access token will contain.

To summarize, the scopes sent by the client are a list of IdentityResources and ApiScopes.

Tore Nestenius answered Oct 04 '22 15:10
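The relationship described in the answer above, written out as an IdentityServer4 (v4) configuration class. This is an added example, not code from the original question, the answer, or the IdentityServer4 project; the names `invoice-api`, `invoice.read`, `invoice.write`, `web-client`, the secret and the redirect URL are all hypothetical.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

// Constructed sample configuration; all resource, scope and client names are hypothetical.
public static class Config
{
    // Identity resources: scopes that stand for claims about the user.
    // These are the scopes the answer says end up in the ID token.
    public static IEnumerable<IdentityResource> IdentityResources => new IdentityResource[]
    {
        new IdentityResources.OpenId(),   // scope "openid"  -> sub claim
        new IdentityResources.Profile(),  // scope "profile" -> name and other profile claims
    };

    // API scopes: what a client requests and what the user consents to.
    public static IEnumerable<ApiScope> ApiScopes => new[]
    {
        new ApiScope("invoice.read", "Read invoices"),
        new ApiScope("invoice.write", "Create and change invoices"),
    };

    // API resource: groups API scopes under one API. Its name becomes the
    // aud claim of an access token that carries any of its scopes.
    public static IEnumerable<ApiResource> ApiResources => new[]
    {
        new ApiResource("invoice-api", "Invoice API")
        {
            Scopes = { "invoice.read", "invoice.write" }
        },
    };

    // The client's AllowedScopes is one list that mixes identity resources
    // and API scopes. Least privilege: this client gets read access only.
    public static IEnumerable<Client> Clients => new[]
    {
        new Client
        {
            ClientId = "web-client",
            AllowedGrantTypes = GrantTypes.Code,
            ClientSecrets = { new Secret("constructed-secret".Sha256()) },
            RedirectUris = { "https://client.example/signin-oidc" },
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "invoice.read"
            }
        }
    };
}
```

With this configuration, a request for `scope=openid profile invoice.read` produces an ID token covering `openid` and `profile`, plus an access token with `scope` set to `invoice.read` and `aud` set to `invoice-api`. A request from this client that includes `invoice.write` is rejected, because that scope is not in its `AllowedScopes`.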