Defining Clients
Clients represent applications that can request tokens from your identity server.
The details vary, but you typically define the following common settings for a client:
- a unique client ID
- a secret if needed
- the allowed interactions with the token service (called a grant type)
- a network location where identity and/or access token gets sent to (called a redirect URI)
- a list of scopes (aka resources) the client is allowed to access
Client
Default Scopes
The OpenID Connect specification specifies a couple of standard identity resources.
Name | Required/Optional | Description |
---|---|---|
openid | Required | Informs the Authorization Server that the Client is making an OpenID Connect request. If the openid scope value is not present, the behavior is entirely unspecified. |
profile | Optional | This scope value requests access to the End-User’s default profile Claims, which are: name, familyname, givenname, middlename, nickname, preferredusername, profile, picture, website, gender, birthdate, zoneinfo, locale, and updatedat. |
Optional | This scope value requests access to the email and emailverified Claims. | |
address | Optional | This scope value requests access to the address Claim. |
phone | Optional | This scope value requests access to the phonenumber and phonenumberverified Claims. |
offline_access | Optional | This scope value MUST NOT be used with the OpenID Connect Implicit Client Implementer’s Guide 1.0. See the OpenID Connect Basic Client Implementer’s Guide 1.0 for its usage in that subset of OpenID Connect. |
GrantType
Grant types are a way to specify how a client wants to interact with IdentityServer. The OpenID Connect and OAuth 2 specs define the following grant types:
Name | Value |
---|---|
Implicit | implicit |
ImplicitAndClientCredentials | implicit client_credentials |
Code | authorization_code |
CodeAndClientCredentials | authorization_code client_credentials |
Hybrid | hybrid |
HybridAndClientCredentials | hybrid client_credentials |
DeviceFlow | urn:ietf:params:oauth:grant-type:device_code |
August 26, 2019