Identity Server 4 AddInMemoryIdentityResources










0














I was wondering if somebody can explain to me what AddInMemoryIdentityResources is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):



services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();


Then the config file is something like this:



public static IEnumerable<IdentityResource> GetIdentityResources()

return new List<IdentityResource>

new IdentityResources.OpenId(),
new IdentityResources.Profile(),
;



Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources()) as it seems to do the same thing but yet its global as it doesn't tie to any client?










share|improve this question




























    0














    I was wondering if somebody can explain to me what AddInMemoryIdentityResources is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):



    services.AddIdentityServer()
    .AddDeveloperSigningCredential()
    .AddInMemoryPersistedGrants()
    //********************
    .AddInMemoryIdentityResources(Config.GetIdentityResources())
    //********************
    .AddInMemoryApiResources(configurationManager.GetApiResources())
    .AddInMemoryClients(configurationManager.GetClients())
    .AddAspNetIdentity<User>();


    Then the config file is something like this:



    public static IEnumerable<IdentityResource> GetIdentityResources()

    return new List<IdentityResource>

    new IdentityResources.OpenId(),
    new IdentityResources.Profile(),
    ;



    Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources()) as it seems to do the same thing but yet its global as it doesn't tie to any client?










    share|improve this question


























      0












      0








      0







      I was wondering if somebody can explain to me what AddInMemoryIdentityResources is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):



      services.AddIdentityServer()
      .AddDeveloperSigningCredential()
      .AddInMemoryPersistedGrants()
      //********************
      .AddInMemoryIdentityResources(Config.GetIdentityResources())
      //********************
      .AddInMemoryApiResources(configurationManager.GetApiResources())
      .AddInMemoryClients(configurationManager.GetClients())
      .AddAspNetIdentity<User>();


      Then the config file is something like this:



      public static IEnumerable<IdentityResource> GetIdentityResources()

      return new List<IdentityResource>

      new IdentityResources.OpenId(),
      new IdentityResources.Profile(),
      ;



      Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources()) as it seems to do the same thing but yet its global as it doesn't tie to any client?










      share|improve this question















      I was wondering if somebody can explain to me what AddInMemoryIdentityResources is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):



      services.AddIdentityServer()
      .AddDeveloperSigningCredential()
      .AddInMemoryPersistedGrants()
      //********************
      .AddInMemoryIdentityResources(Config.GetIdentityResources())
      //********************
      .AddInMemoryApiResources(configurationManager.GetApiResources())
      .AddInMemoryClients(configurationManager.GetClients())
      .AddAspNetIdentity<User>();


      Then the config file is something like this:



      public static IEnumerable<IdentityResource> GetIdentityResources()

      return new List<IdentityResource>

      new IdentityResources.OpenId(),
      new IdentityResources.Profile(),
      ;



      Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources()) as it seems to do the same thing but yet its global as it doesn't tie to any client?







      c# identityserver4






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 11 '18 at 19:38

























      asked Nov 11 '18 at 19:28









      Bojan

      2,11092773




      2,11092773






















          1 Answer
          1






          active

          oldest

          votes


















          2














          AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.






          share|improve this answer




















          • So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
            – Bojan
            Nov 12 '18 at 14:33











          • The clients reference these by their scope names - so yes.
            – mackie
            Nov 12 '18 at 14:44










          • Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
            – Bojan
            Nov 12 '18 at 14:47










          • @Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
            – mackie
            Nov 12 '18 at 16:38










          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53252389%2fidentity-server-4-addinmemoryidentityresources%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          2














          AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.






          share|improve this answer




















          • So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
            – Bojan
            Nov 12 '18 at 14:33











          • The clients reference these by their scope names - so yes.
            – mackie
            Nov 12 '18 at 14:44










          • Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
            – Bojan
            Nov 12 '18 at 14:47










          • @Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
            – mackie
            Nov 12 '18 at 16:38















          2














          AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.






          share|improve this answer




















          • So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
            – Bojan
            Nov 12 '18 at 14:33











          • The clients reference these by their scope names - so yes.
            – mackie
            Nov 12 '18 at 14:44










          • Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
            – Bojan
            Nov 12 '18 at 14:47










          • @Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
            – mackie
            Nov 12 '18 at 16:38













          2












          2








          2






          AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.






          share|improve this answer












          AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 12 '18 at 11:59









          mackie

          1,90811110




          1,90811110











          • So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
            – Bojan
            Nov 12 '18 at 14:33











          • The clients reference these by their scope names - so yes.
            – mackie
            Nov 12 '18 at 14:44










          • Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
            – Bojan
            Nov 12 '18 at 14:47










          • @Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
            – mackie
            Nov 12 '18 at 16:38
















          • So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
            – Bojan
            Nov 12 '18 at 14:33











          • The clients reference these by their scope names - so yes.
            – mackie
            Nov 12 '18 at 14:44










          • Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
            – Bojan
            Nov 12 '18 at 14:47










          • @Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
            – mackie
            Nov 12 '18 at 16:38















          So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
          – Bojan
          Nov 12 '18 at 14:33





          So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
          – Bojan
          Nov 12 '18 at 14:33













          The clients reference these by their scope names - so yes.
          – mackie
          Nov 12 '18 at 14:44




          The clients reference these by their scope names - so yes.
          – mackie
          Nov 12 '18 at 14:44












          Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
          – Bojan
          Nov 12 '18 at 14:47




          Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
          – Bojan
          Nov 12 '18 at 14:47












          @Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
          – mackie
          Nov 12 '18 at 16:38




          @Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
          – mackie
          Nov 12 '18 at 16:38

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53252389%2fidentity-server-4-addinmemoryidentityresources%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Use pre created SQLite database for Android project in kotlin

          Darth Vader #20

          Ondo