API Scope
Duende.IdentityServer.Models.ApiScope
Section titled “Duende.IdentityServer.Models.ApiScope”This class models an OAuth scope.
-
EnabledIndicates if this resource is enabled and can be requested. Defaults to true.
-
NameThe unique name of the API. This value is used for authentication with introspection and will be added to the audience of the outgoing access token.
-
DisplayNameThis value can be used e.g. on the consent screen.
-
DescriptionThis value can be used e.g. on the consent screen.
-
UserClaimsList of associated user claim types that should be included in the access token.
-
RequiredSpecifies whether the user can de-select the scope on the consent screen. Defaults to
false. -
EmphasizeSpecifies whether the consent screen will emphasize this scope. Use this setting for sensitive or important scopes. Defaults to
false. -
ShowInDiscoveryDocumentSpecifies whether this scope is shown in the discovery document. Defaults to
true. -
PropertiesDictionary to hold any custom scope-specific values as needed.
Defining API Scope In appsettings.json
Section titled “Defining API Scope In appsettings.json”The AddInMemoryApiResource extension method also supports adding clients from the ASP.NET Core configuration file:
{ "IdentityServer": { "IssuerUri": "urn:sso.company.com", "ApiScopes": [ { "Name": "IdentityServerApi" }, { "Name": "resource1.scope1" }, { "Name": "resource2.scope1" }, { "Name": "scope3" }, { "Name": "shared.scope" }, { "Name": "transaction", "DisplayName": "Transaction", "Description": "A transaction" } ] }}Then pass the configuration section to the AddInMemoryApiScopes method:
idsvrBuilder.AddInMemoryApiScopes(configuration.GetSection("IdentityServer:ApiScopes"))