Version 5.x has been out of support since December 13, 2022, and this corresponding section of the documentation is no longer maintained. We strongly recommend upgrading to a supported version.

API Scope

Duende.IdentityServer.Models.ApiScope

This class models an OAuth scope.

  • Enabled

    Indicates if this resource is enabled and can be requested. Defaults to true.

  • Name

    The unique name of the API. This value is used for authentication with introspection and will be added to the audience of the outgoing access token.

  • DisplayName

    This value can be used e.g. on the consent screen.

  • Description

    This value can be used e.g. on the consent screen.

  • UserClaims

    List of associated user claim types that should be included in the access token.

Defining API scope in appsettings.json

The AddInMemoryApiResource extension method also supports adding clients from the ASP.NET Core configuration file::

"IdentityServer": {
    "IssuerUri": "urn:sso.company.com",
    
    "ApiScopes": [
        {
            "Name": "IdentityServerApi"
        },
        {
            "Name": "resource1.scope1"
        },
        {
            "Name": "resource2.scope1"
        },
        {
            "Name": "scope3"
        },
        {
            "Name": "shared.scope"
        },
        {
            "Name": "transaction",
            "DisplayName": "Transaction",
            "Description": "A transaction"
        }
    ]
}

Then pass the configuration section to the AddInMemoryApiScopes method:

builder.AddInMemoryApiScopes(configuration.GetSection("IdentityServer:ApiScopes"))