Identity Resources Configuration

An identity resource is a named group of claims about a user that can be requested using the scope parameter.

The OpenID Connect specification suggests a couple of standard scope names to claim type mappings that might be useful to you for inspiration, but you can freely design them yourself.

One of them is actually mandatory, the openid scope, which tells the provider to return the sub (subject id) claim in the identity token.

Configuration Parameters
  • Name - The unique name of the API. This value is used for authentication with introspection and will be added to the audience of the outgoing access token.

  • Display Name - This value can be used e.g. on the consent screen.

  • Description - This value can be used e.g. on the consent screen.

  • Show In Discovery Document - Specifies whether this scope is shown in the discovery document. Defaults to true.

  • Enabled - Indicates if this resource is enabled and can be requested. Defaults to true.

  • Properties - Dictionary to hold any custom API resource-specific values as needed.

    • Key - Key

    • Value - Value

  • User Claims - List of associated user claim types that should be included in the access token.