API Resource

This class models an API resource.

Enabled
Indicates if this resource is enabled and can be requested. Defaults to true.
Name
The unique name of the API. This value is used for authentication with introspection and will be added to the audience of the outgoing access token.
DisplayName
This value can be used e.g. on the consent screen.
Description
This value can be used e.g. on the consent screen.
ApiSecrets
The API secret is used for the introspection endpoint. The API can authenticate with introspection using the API name and secret.
AllowedAccessTokenSigningAlgorithms
List of allowed signing algorithms for access token. If empty, will use the server default signing algorithm.
UserClaims
List of associated user claim types that should be included in the access token.
Scopes
List of API scope names.

Defining API resources in appsettings.json

The AddInMemoryApiResource extensions method also supports adding API resources from the ASP.NET Core configuration file:

"IdentityServer": {
    "IssuerUri": "urn:sso.company.com",
    "ApiResources": [
        {
            "Name": "resource1",
            "DisplayName": "Resource #1",

            "Scopes": [
                "resource1.scope1",
                "shared.scope"
            ]
        },
        {
            "Name": "resource2",
            "DisplayName": "Resource #2",

            "UserClaims": [
                "name",
                "email"
            ],

            "Scopes": [
                "resource2.scope1",
                "shared.scope"
            ]
        }
    ]
}

Then pass the configuration section to the AddInMemoryApiResource method:

AddInMemoryApiResources(configuration.GetSection("IdentityServer:ApiResources"))