What is scope in IdentityServer

Question

I am trying to understand IdentityServer3 and different terms associated with it in order to secure my Web APIs. Can someone explain what is significance of Scope in IdentityServer with some good example.

I found this link but idea is not clear.

Thanks in advance!

Answer 1

Scope

It's safe to say that Scope is kind of a role to access a specific set of resources IMHO. IdentityServer has two scope types, the ScopeType enum is defined and described as 'OpenID Connect scope types.'

• Identity Scope : representing identity data (e.g. profile or email)
• For example, if you have a profile identity scope, then clients with this scope can get the profile data from an identity provider ( e.g. IdentityServer )
• Resource Scope : representing a resource (e.g. a web api)
• For example, if clients have a calendar resource scope, then they can call a /get/calendar/months web api and get the resources.

Scope will be included in Claim when a HTTP request with an access token is in flight and will be further validated at the validation stage for the access token.

Of course the client should be added prior to running IdentityServer and proper scopes should be specified in AllowedScopes; a member of the Client class in IdentityServer.