API Scope

This class models an OAuth scope.

Enabled

Indicates if this resource is enabled and can be requested. Defaults to true.

Name

The unique name of the API. This value is used for authentication with introspection and will be added to the audience of the outgoing access token.

DisplayName

This value can be used e.g. on the consent screen.

Description

This value can be used e.g. on the consent screen.

UserClaims

List of associated user claim types that should be included in the access token.

Defining API scope in appsettings.json

The AddInMemoryApiResource extension method also supports adding clients from the ASP.NET Core configuration file:

"IdentityServer": {
    "IssuerUri": "urn:sso.company.com",
    "ApiScopes": [
        {
            "Name": "IdentityServerApi"
        },
        {
            "Name": "resource1.scope1"
        },
        {
            "Name": "resource2.scope1"
        },
        {
            "Name": "scope3"
        },
        {
            "Name": "shared.scope"
        },
        {
            "Name": "transaction",
            "DisplayName": "Transaction",
            "Description": "A transaction"
        }
    ]
}

Then pass the configuration section to the AddInMemoryApiScopes method:

AddInMemoryApiScopes(configuration.GetSection("IdentityServer:ApiScopes"))