Identity Server 4 AddInMemoryIdentityResources

up vote
0
down vote

favorite

I was wondering if somebody can explain to me what AddInMemoryIdentityResources is used for when registering identity server during startup. From the examples they have shown it looks like this (note the code between comments):

services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();

Then the config file is something like this:

public static IEnumerable<IdentityResource> GetIdentityResources()

 return new List<IdentityResource>
 
 new IdentityResources.OpenId(),
 new IdentityResources.Profile(),
 ;

Now, I thought that when you declare a client you define the scopes which basically say you are allowed to pass username, id, etc... However, then what is the point of this statement .AddInMemoryIdentityResources(Config.GetIdentityResources()) as it seems to do the same thing but yet its global as it doesn't tie to any client?

edited Nov 11 at 19:38

asked Nov 11 at 19:28

Bojan

2,08892772

add a comment |

up vote
0
down vote

favorite

services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();

Then the config file is something like this:

public static IEnumerable<IdentityResource> GetIdentityResources()

 return new List<IdentityResource>
 
 new IdentityResources.OpenId(),
 new IdentityResources.Profile(),
 ;

edited Nov 11 at 19:38

asked Nov 11 at 19:28

Bojan

2,08892772

add a comment |

up vote
0
down vote

favorite

services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();

Then the config file is something like this:

public static IEnumerable<IdentityResource> GetIdentityResources()

 return new List<IdentityResource>
 
 new IdentityResources.OpenId(),
 new IdentityResources.Profile(),
 ;

edited Nov 11 at 19:38

asked Nov 11 at 19:28

Bojan

2,08892772

services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
//********************
.AddInMemoryIdentityResources(Config.GetIdentityResources())
//********************
.AddInMemoryApiResources(configurationManager.GetApiResources())
.AddInMemoryClients(configurationManager.GetClients())
.AddAspNetIdentity<User>();

Then the config file is something like this:

public static IEnumerable<IdentityResource> GetIdentityResources()

 return new List<IdentityResource>
 
 new IdentityResources.OpenId(),
 new IdentityResources.Profile(),
 ;

c# identityserver4

edited Nov 11 at 19:38

asked Nov 11 at 19:28

Bojan

2,08892772

edited Nov 11 at 19:38

asked Nov 11 at 19:28

Bojan

2,08892772

edited Nov 11 at 19:38

asked Nov 11 at 19:28

Bojan

2,08892772

asked Nov 11 at 19:28

Bojan

2,08892772

asked Nov 11 at 19:28

Bojan

2,08892772

add a comment |

1 Answer
1

active

oldest

votes

up vote
2
down vote

accepted

AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.

answered Nov 12 at 11:59

mackie

1,8731110

So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33

The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44

Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 at 14:47

@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38

add a comment |

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53252389%2fidentity-server-4-addinmemoryidentityresources%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

up vote
2
down vote

accepted

AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.

answered Nov 12 at 11:59

mackie

1,8731110

So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33

The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44

Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 at 14:47

@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38

add a comment |

up vote
2
down vote

accepted

AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.

answered Nov 12 at 11:59

mackie

1,8731110

So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33

The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44

Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 at 14:47

@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38

add a comment |

up vote
2
down vote

accepted

AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.

answered Nov 12 at 11:59

mackie

1,8731110

AddInMemoryIdentityResources is basically defining the global list of available identity scopes. I.e. the master list which clients can then reference.

answered Nov 12 at 11:59

mackie

1,8731110

answered Nov 12 at 11:59

mackie

1,8731110

answered Nov 12 at 11:59

mackie

1,8731110

answered Nov 12 at 11:59

mackie

1,8731110

So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33

The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44

Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 at 14:47

@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38

add a comment |

So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33

The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44

Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 at 14:47

@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38

So does that mean I don't need it if I define scopes on clients? Or I always need this value defined?
– Bojan
Nov 12 at 14:33

The clients reference these by their scope names - so yes.
– mackie
Nov 12 at 14:44

Sorry, your answer is a bit confusing for me. Are you saying that AddInMemoryIdentityResources is a whitelist of available scopes and then each client builds their own list of scopes to use, but that list has to be approved against the global list?
– Bojan
Nov 12 at 14:47

@Bojan that's exactly it, yes. There's a separate list for API resources and scopes too.
– mackie
Nov 12 at 16:38

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

Some of your past answers have not been well-received, and you're in danger of being blocked from answering.

Please pay close attention to the following guidance:

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Odtnhj