2

I am setting up Identity Server 4, and I am not getting the relationship between scopes, API Resources, and Identity Resources. My understanding was that an API Resource could hold the collection of scopes, and the Identity Resource could hold the possible claims.

I call /connect/token to get a JWT, and it seems to only use the scope if I have defined it as a client attribute. Also, it only seems to return claims that I have directly added to the client.

What is the purpose of Identity Resources, and API Resources?

Don Chambers
  • 3,798
  • 9
  • 33
  • 74

1 Answers1

0

Best definition for Identity Resources is on IDS4 docs:

An identity resource is a named group of claims that can be requested using the scope parameter.

API Resources are a solution to grouping the scopes, per IDS4 docs they give us these additional features too

  1. support for the JWT aud claim. The value(s) of the audience claim will be the name of the API resource(s)
  2. support for adding common user claims across all contained scopes
  3. support for introspection by assigning a API secret to the resource
  4. support for configuring the access token signing algorithm for the resource
nahidf
  • 2,260
  • 1
  • 15
  • 22