API Resource
Duende.IdentityServer.Models.ApiResource
Section titled “Duende.IdentityServer.Models.ApiResource”This class models an API.
-
EnabledIndicates if this resource is enabled and can be requested. Defaults to true.
-
NameThe unique name of the API. This value is used for authentication with introspection and will be added to the audience of the outgoing access token.
-
DisplayNameThis value can be used e.g. on the consent screen.
-
DescriptionThis value can be used e.g. on the consent screen.
-
RequireResourceIndicatorIndicates if this API resource requires the resource indicator to request it, and expects access tokens issued to it will only ever contain this API resource as the audience.
-
ApiSecretsThe API secret is used for the introspection endpoint. The API can authenticate with introspection using the API name and secret.
-
AllowedAccessTokenSigningAlgorithmsList of allowed signing algorithms for access token. If empty, will use the server default signing algorithm.
-
UserClaimsList of associated user claim types that should be included in the access token.
-
ScopesList of API scope names. You need to create those using ApiScope.
Defining API resources In appsettings.json
Section titled “Defining API resources In appsettings.json”The AddInMemoryApiResource extensions method also supports adding API resources from the ASP.NET Core configuration
file:
"IdentityServer": { "IssuerUri": "urn:sso.company.com", "ApiResources": [ { "Name": "resource1", "DisplayName": "Resource #1",
"Scopes": [ "resource1.scope1", "shared.scope" ] }, { "Name": "resource2", "DisplayName": "Resource #2",
"UserClaims": [ "name", "email" ],
"Scopes": [ "resource2.scope1", "shared.scope" ] } ]}Then pass the configuration section to the AddInMemoryApiResource method:
idsvrBuilder.AddInMemoryApiResources(configuration.GetSection("IdentityServer:ApiResources"))