Identity Server 4 AddInMemoryIdentityResources
up vote
0
down vote
favorite
I was wondering if somebody can explain to me what AddInMemoryIdentityResources
is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();
Then the config file is something like this:
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
};
}
Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources())
as it seems to do the same thing but yet its global as it doesn't tie to any client?
c# identityserver4
add a comment |
up vote
0
down vote
favorite
I was wondering if somebody can explain to me what AddInMemoryIdentityResources
is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();
Then the config file is something like this:
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
};
}
Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources())
as it seems to do the same thing but yet its global as it doesn't tie to any client?
c# identityserver4
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I was wondering if somebody can explain to me what AddInMemoryIdentityResources
is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();
Then the config file is something like this:
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
};
}
Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources())
as it seems to do the same thing but yet its global as it doesn't tie to any client?
c# identityserver4
I was wondering if somebody can explain to me what AddInMemoryIdentityResources
is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();
Then the config file is something like this:
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
};
}
Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources())
as it seems to do the same thing but yet its global as it doesn't tie to any client?
c# identityserver4
c# identityserver4
edited Nov 11 at 19:38
asked Nov 11 at 19:28
Bojan
2,06692772
2,06692772
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
2
down vote
accepted
AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying thatAddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying thatAddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38
add a comment |
up vote
2
down vote
accepted
AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying thatAddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38
add a comment |
up vote
2
down vote
accepted
up vote
2
down vote
accepted
AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.
AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.
answered Nov 12 at 11:59
mackie
1,8181110
1,8181110
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying thatAddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38
add a comment |
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying thatAddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44
The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying that
AddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?– Bojan
Nov 12 at 14:47
Sorry, your answer is a bit confusing for me. Are you saying that
AddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?– Bojan
Nov 12 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53252389%2fidentity-server-4-addinmemoryidentityresources%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown