ApiResource与ApiScope与IdentityResource [英] ApiResource vs ApiScope vs IdentityResource

问题描述

我已经阅读了

I've read the IdentityServer4 documentation but I can't understand what is the exact difference between these three concepts. (ApiResource vs ApiScope vs IdentityResource)

1- As it is said in the documentation, API Scope models an OAuth scope. and API Resource models an API resource. So what is the difference between the OAuth scope and API resource?

2- also, as I understand in this section of document , in AllowsScope of client definition in Identity server, we must add IdentityResources. So what is the exact usage of Identity resources?

3- If I add some IdentityResources to client AllowsScopes, How can I see these Resources In client?

I am the beginner in Identity Server, which means that my questions are maybe elementary. but please answer it, I've searched a lot, and nowhere explain these concepts completely. For example,here is the definition of Identity resource!

解决方案

Scopes listed under IdentityResources are the scopes that will be included in the ID-token.

ApiScopes is what you ask for as a client and as a user you give consent to. Optionally, one or more ApiResources can associated with an ApiScope.

The ApiScope and ApiResources controls what is included in the access token. ApiResources points out what the aud claim in the access token will contains.

To summarize, the scopes sent by the client is a list of IdentityResources and ApiScopes.

这篇关于ApiResource与ApiScope与IdentityResource的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！