Scope configuration
The tables below describe the mandatory and common parameters of the scope model used in the Web API (and cmdlets).
Scope properties
Property name | Parameter type | Description |
---|---|---|
ScopeId | string | Name of the scope. This is the value a client will use to request the scope. |
AllowUnrestrictedIntrospection | boolean | Allows this scope to see all other scopes in access token during introspection |
ClaimsRule | string | Rules to determine which claims should be included in access token |
Description | string | A description of the intention of the scope |
DisplayName | string | Display name. This value will be used e.g. on the consent screen. |
Emphasize | boolean | Specifies whether the consent screen will emphasize this scope. Defaults to false. |
Enabled | boolean | Indicates whether the scope is enabled and can be requested |
IncludeAllClaimsForUser | boolean | If enabled, all claims, for the user, will be included in the token. Defaults to false. |
IsStandardScope | boolean | Whether this scope should be treated as a standard scope, for example: 'openid' |
LastUpdate | datetime | Last time this scope was updated, used internally for auditing |
Required | boolean | Specifies whether the user can de-select the scope on the consent screen. Defaults to false. |
ShowInDiscoveryDocument | boolean | Specifies whether this scope is shown in the discovery document. Defaults to true. |
Type | enum ScopeType | ScopeType defines the following possible values: Identity (0) or Resource (1). Resource is the default. |
Claims | List\<ScopeClaims> | List of user claims that should be included in the identity (identity scope) or access token (resource scope). |
ScopeSecrets | List\<Secrets> | List of scope secrets. Note: when registering a scope with secret(s), leave the Value and Type of the secret unset. U4IDS will automatically generate them. It is also possible to administer scope secrets with a dedicated endpoint. See secret registration. |
ConsentOptions | ScopeConsentOption | If the scope should be shown in the permission screen you need to enable the RequireConsent property. |
UserId | string | *To be used internally for auditing* |
UserName | string | *To be used internally for auditing* |
ScopeClaim properties
Property name | Parameter type | Description |
---|---|---|
Name | string | Name of the claim |
Description | string | Description of the claim |
AlwaysIncludeInIdToken | boolean | Specifies whether this claim should always be present in the identity token (even if an access token has been requested as well) |
Scope Secret properties
Property name | Parameter type | Description |
---|---|---|
Description | string | Description of the secret |
Expiration | DateTimeOffset | Expiration time of the secret. Nullable, for a secret that never expires. |
Type | string | Secret type (for example "SharedSecret") |
Value | string | Secret value. Note: the value of the secret must not be provided by the user in the request. It is always generated on the IDS-Admin side. See more about secret registration. |
LastUpdate | DateTime | Last time when the scope secret was updated, used internally for auditing. |
UserId | string | *To be used internally for auditing* |
UserName | string | *To be used internally for auditing* |
ConsentOptions properties
Property name | Parameter type | Description |
---|---|---|
RequireConsent | boolean | True to enable consent for the scope. Defaults to false. |
Link | string | Optional link to a more detailed description of the scope |
LinkDescription | string | Link description |
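
The following lint is an added example, not part of U4IDS or its documentation: it checks a scope definition against the property tables above before it is registered, and flags the two settings that widen what a token or an introspection response exposes. The dictionary shape, the acceptance of enum names as strings, the function name `lint_scope` and the sample scope are assumptions made for illustration.

```python
# Added example: pre-registration lint for a scope definition.
# Property names come from the tables above; the dict shape is an assumption.
BOOL_PROPS = {"AllowUnrestrictedIntrospection", "Emphasize", "Enabled",
              "IncludeAllClaimsForUser", "IsStandardScope", "Required",
              "ShowInDiscoveryDocument"}
SCOPE_TYPES = (0, 1, "Identity", "Resource")  # string names assumed accepted


def lint_scope(scope):
    """Return (errors, warnings) for one scope definition given as a dict."""
    errors, warnings = [], []
    scope_id = scope.get("ScopeId")
    if not isinstance(scope_id, str) or not scope_id.strip():
        errors.append("ScopeId must be a non-empty string")
    for name in sorted(BOOL_PROPS.intersection(scope)):
        if not isinstance(scope[name], bool):
            errors.append(f"{name} must be a boolean")
    if scope.get("Type", 1) not in SCOPE_TYPES:  # Resource (1) is the default
        errors.append("Type must be 0 (Identity) or 1 (Resource)")
    # Secret Value and Type are generated by the server and must stay unset.
    for i, secret in enumerate(scope.get("ScopeSecrets") or []):
        for field in ("Value", "Type"):
            if secret.get(field) not in (None, ""):
                errors.append(f"ScopeSecrets[{i}].{field} must be left unset")
    for i, claim in enumerate(scope.get("Claims") or []):
        if not isinstance(claim.get("Name"), str) or not claim["Name"]:
            errors.append(f"Claims[{i}].Name must be a non-empty string")
    # Settings that widen what a token or introspection response exposes.
    if scope.get("IncludeAllClaimsForUser") is True:
        warnings.append("IncludeAllClaimsForUser puts every user claim in the token")
    if scope.get("AllowUnrestrictedIntrospection") is True:
        warnings.append("AllowUnrestrictedIntrospection lets this scope see all other scopes")
    return errors, warnings


# Constructed sample input, not taken from a real deployment.
SAMPLE_SCOPE = {
    "ScopeId": "invoices.read", "DisplayName": "Read invoices", "Enabled": True,
    "Type": 1, "IncludeAllClaimsForUser": True,
    "Claims": [{"Name": "tenant", "AlwaysIncludeInIdToken": False}],
    "ScopeSecrets": [{"Description": "introspection", "Value": "constructed-value"}],
    "ConsentOptions": {"RequireConsent": True},
}

if __name__ == "__main__":
    errs, warns = lint_scope(SAMPLE_SCOPE)
    for line in [f"ERROR: {e}" for e in errs] + [f"WARN: {w}" for w in warns]:
        print(line)
```
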
Localized scope texts
Scope texts can be localized, that is, made aware of the language settings of the browser. With a non-supported language set in the browser, default titles from the scope definitions are used for all texts. These localized texts are then shown on the consent screen - see two different versions:
Changing the browser language to Norwegian (bokmål) will produce the result below:
To localize a scope, open it in the IDS Portal. At the bottom of the page you will notice the Localization button:
Pressing the Localization button will open a new page that lists all current translations (sorted by language). The default texts are shown at the top of the page:
Pressing the Edit button will open a page that allows you to edit, add or delete translations. The process is pretty similar to maintaining IdPs. Use the Delete translation button to remove a translation, or use the Add translation button to create a new one. New translations will appear at the bottom of the page. Once you're happy with your changes, you simply press the Save button to store your localizations.
You can also configure localization using the Admin API.