Identity Server 4 AddInMemoryIdentityResources
I was wondering if somebody can explain to me what AddInMemoryIdentityResources
is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();
Then the config file is something like this:
public static IEnumerable<IdentityResource> GetIdentityResources()
return new List<IdentityResource>
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
;
Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources())
as it seems to do the same thing but yet its global as it doesn't tie to any client?
c# identityserver4
add a comment |
I was wondering if somebody can explain to me what AddInMemoryIdentityResources
is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();
Then the config file is something like this:
public static IEnumerable<IdentityResource> GetIdentityResources()
return new List<IdentityResource>
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
;
Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources())
as it seems to do the same thing but yet its global as it doesn't tie to any client?
c# identityserver4
add a comment |
I was wondering if somebody can explain to me what AddInMemoryIdentityResources
is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();
Then the config file is something like this:
public static IEnumerable<IdentityResource> GetIdentityResources()
return new List<IdentityResource>
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
;
Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources())
as it seems to do the same thing but yet its global as it doesn't tie to any client?
c# identityserver4
I was wondering if somebody can explain to me what AddInMemoryIdentityResources
is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();
Then the config file is something like this:
public static IEnumerable<IdentityResource> GetIdentityResources()
return new List<IdentityResource>
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
;
Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources())
as it seems to do the same thing but yet its global as it doesn't tie to any client?
c# identityserver4
c# identityserver4
edited Nov 11 '18 at 19:38
asked Nov 11 '18 at 19:28
Bojan
2,11092773
2,11092773
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 '18 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 '18 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying thatAddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 '18 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 '18 at 16:38
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53252389%2fidentity-server-4-addinmemoryidentityresources%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 '18 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 '18 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying thatAddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 '18 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 '18 at 16:38
add a comment |
AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 '18 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 '18 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying thatAddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 '18 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 '18 at 16:38
add a comment |
AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.
AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.
answered Nov 12 '18 at 11:59
mackie
1,90811110
1,90811110
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 '18 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 '18 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying thatAddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 '18 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 '18 at 16:38
add a comment |
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 '18 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 '18 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying thatAddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 '18 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 '18 at 16:38
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 '18 at 14:33
So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 '18 at 14:33
The clients reference these by their scope names - so yes.
– mackie
Nov 12 '18 at 14:44
The clients reference these by their scope names - so yes.
– mackie
Nov 12 '18 at 14:44
Sorry, your answer is a bit confusing for me. Are you saying that
AddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?– Bojan
Nov 12 '18 at 14:47
Sorry, your answer is a bit confusing for me. Are you saying that
AddInMemoryIdentityResources
is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?– Bojan
Nov 12 '18 at 14:47
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 '18 at 16:38
@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 '18 at 16:38
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53252389%2fidentity-server-4-addinmemoryidentityresources%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown