Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What are User Claims in IdentityServer4 API Resources vs. API Scopes

Tags:

People also ask

What is API scope in identityserver4?

This value is used for authentication with introspection and will be added to the audience of the outgoing access token. DisplayName. This value can be used e.g. on the consent screen. Description.

What is API resource in IdentityServer?

The two fundamental resource types in IdentityServer are: identity resources: represent claims about a user like user ID, display name, email address etc… API resources: represent functionality a client wants to access.

What are API scopes?

Scopes enable you to group a set of REST resources, methods, or both, and SOAP operations for an API. A scope consists of a name, description, and zero or more resources, methods, or operations. An API can have zero or more scopes. You can define a set of policies and configure its properties for each individual scope.

What is API resource in Identity server 4?

The API Resource is your resource server as a whole. The Client (the one getting the access_token), requests the scope it needs, and the user grants the rights to the Client.

I've configured an instance of IdentityServer4 and have successfully configured it as a client for an OIDC provider. I'm now trying to set it up as the OIDC provider for my application. I've followed through the quickstarts and read the documentation, but I'm struggling to find an answer to my specific question.

User claims can be specified in a couple of different places: on the API resource and on the API scopes. What is the difference between specifying a user claim on an API resource vs. on an API scope for that resource?

My understanding of the terminology is that:

  • An API resource represents the API that clients will access, e.g. a "the GitHub API", my "data import API"
  • An API scope represents a subset of resources within that API, to which clients can request access, e.g. repo => public and private repositories, import_job:control => start/stop/delete import jobs
  • A user claim is a piece of information about the user, e.g. email => email address

It must make sense to associate user claims with an API resource and/or scope, but I can't make the mental leap to identify why and how. Please provide illustrative examples of these claims and what they represent in the contexts given above: the GitHub API (hypothetically, if there are none actually defined), and a generic batch import API.

Related questions

Pandas 'Passing list-likes to .loc or [] with any missing labels is no longer supported' on train_test_split returned data
Timeout expired pgadmin Unable to connect to server
How can I safely copy collections?
Inconsistent truncation of unsigned bitfield integer expressions between C++ and C in different compilers
EF Core: use a dictionary property
How do you format a datetime to am/pm, without periods, when using date-fns version 2.x?
Implementing Apple Pay with SwiftUI
Couldn't install netbeans 11.3 with Java 14 due to Error: "Unsupported JVM version"
Django Form DateInput with widget in update: loosing the initial value
Keras not training on entire dataset
TypeScript: Multiple constructor implementations are not allowed
TypeScript: ev.target and Node.contains: EventTarget is not assignable to Node

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!