.net core 中 identity server 4 之Topic --定义API资源

想要让客户端能够访问API资源,就需要在Identity Server中定义好API的资源。

Scope作用域:即API资源的访问范围限制。

作用域是一个资源 (通常也称为 Web API) 的标识符。

public static IEnumerable<ApiResource> GetApis()
{
return new[]
{
// simple API with a single scope (in this case the scope name is the same as the api name)
new ApiResource("api1", "Some API 1"), // expanded version if more control is needed
new ApiResource
{
Name = "api2", // secret for using introspection endpoint
ApiSecrets =
{
new Secret("secret".Sha256())
}, // include the following using claims in access token (in addition to subject id)
UserClaims = { JwtClaimTypes.Name, JwtClaimTypes.Email }, // this API defines two scopes
Scopes =
{
new Scope()
{
Name = "api2.full_access",
DisplayName = "Full access to API 2",
},
new Scope
{
Name = "api2.read_only",
DisplayName = "Read only access to API 2"
}
}
}
};
}
上一篇:用 Identity Server 4 (JWKS 端点和 RS256 算法) 来保护 Python web api


下一篇:Yarn应用程序运行流程剖析