This repository has been archived by the owner on Apr 27, 2021. It is now read-only.
John Parsons edited this page May 31, 2018 · 5 revisions

Overview

Scopes define resources that Fabric.Identity protects. These protected resources are divided into two logical groups, IdentityResources and APIResources.

Scopes associated with IdentityResources represent information about users, such as their name, email, birth date, etc.

Scopes associated with APIResources represent operations that an API supports and limits access to. An example of an APIResource Scope is fabric/identity.read.

This document defines the scopes that are built into Fabric.Identity. Other APIs that register with Fabric.Identity can define their own scopes, which Fabric.Identity will protect. Each API defines the meaning of its own scopes, so the list below is not comprehensive. Refer to the documentation for the API that you want to work with for information on its defined scopes.

You can also see a complete list of registered scopes for your installation of Fabric.Identity by viewing the OpenID Connect discovery document:

https://{fabric-identity-url}/.well-known/openid-configuration

IdentityResource related scopes

offline_access - allows getting a refresh token (https://openid.net/specs/openid-connect-core-1_0.html#toc)

openid - required for all OpenID Connect requests, and is needed so the sub claim is included in the access token

profile - standard scope defined by the OpenID Connect spec, which includes the following claims: name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at - https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims

email - a standard scope defined by OpenID Connect spec, includes the email and email_verified claims - https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims

address - a standard scope defined by OpenID Connect spec, includes the address claim - https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims

fabric.profile - custom scope defined by Fabric that includes the role and groups claims

APIResource related scopes

fabric/identity.read - required to read from the Clients, APIResources and IdentityResources endpoints in Fabric.Identity.

fabric/identity.manageresources - required to create new Clients, APIResources and IdentityResources in Fabric.Identity.

fabric/identity.searchusers - required to search for Users that Fabric.Identity knows about.
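The following is an added example, not code from the Fabric.Identity project: it checks a client's requested scopes against the `scopes_supported` list of a discovery document and groups them by the categories on this page. The sample document, the `example-api.*` scopes, the function name and the choice of which scopes warrant review are assumptions made for illustration.

```python
import json

# Scopes this page lists as built into Fabric.Identity.
IDENTITY_SCOPES = {"offline_access", "openid", "profile", "email", "address", "fabric.profile"}
API_SCOPES = {"fabric/identity.read", "fabric/identity.manageresources",
              "fabric/identity.searchusers"}
BUILT_IN = IDENTITY_SCOPES | API_SCOPES
# Scopes that return user claims and therefore only make sense alongside openid.
USER_CLAIM_SCOPES = {"profile", "email", "address", "fabric.profile"}
# Assumption: scopes a reviewer would want justified before granting them to a
# client (refresh tokens, resource creation, user search).
REVIEW_SCOPES = {"offline_access", "fabric/identity.manageresources",
                 "fabric/identity.searchusers"}

# Constructed sample; a real document is served at
# https://{fabric-identity-url}/.well-known/openid-configuration
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://identity.example.test",
    "scopes_supported": sorted(BUILT_IN) + ["example-api.read"],
})


def audit_scopes(discovery_json, requested):
    """Audit a space-delimited scope request against the registered scopes."""
    registered = set(json.loads(discovery_json).get("scopes_supported", []))
    wanted = requested.split()
    return {
        # Not registered with this installation: the request would be rejected.
        "unregistered": [s for s in wanted if s not in registered],
        "identity": [s for s in wanted if s in IDENTITY_SCOPES],
        "fabric_api": [s for s in wanted if s in API_SCOPES],
        # Registered by some other API; its meaning is defined in that API's docs.
        "other_api": [s for s in wanted if s in registered and s not in BUILT_IN],
        "needs_review": [s for s in wanted if s in REVIEW_SCOPES],
        # openid is required for all OpenID Connect requests.
        "missing_openid": any(s in USER_CLAIM_SCOPES for s in wanted)
                          and "openid" not in wanted,
    }


if __name__ == "__main__":
    request = "profile fabric/identity.read fabric/identity.manageresources example-api.write"
    for key, value in audit_scopes(SAMPLE_DISCOVERY, request).items():
        print(f"{key}: {value}")
```
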
