Scope configuration

The tables below describe the mandatory and common parameters of the scope model used in the Web API (and cmdlets).

Scope properties

| Property name | Parameter type | Description |
| --- | --- | --- |
| ScopeId | string | Name of the scope. This is the value a client will use to request the scope. |
| AllowUnrestrictedIntrospection | boolean | Allows this scope to see all other scopes in the access token during introspection. |
| ClaimsRule | string | Rules to determine which claims should be included in the access token. |
| Description | string | A description of the intention of the scope. |
| DisplayName | string | Display name. This value will be used e.g. on the consent screen. |
| Emphasize | boolean | Specifies whether the consent screen will emphasize this scope. Defaults to false. |
| Enabled | boolean | Indicates whether the scope is enabled and can be requested. |
| IncludeAllClaimsForUser | boolean | If enabled, all claims for the user will be included in the token. Defaults to false. |
| IsStandardScope | boolean | Whether this scope should be treated as a standard scope, for example 'openid'. |
| LastUpdate | datetime | Last time this scope was updated. Used internally for auditing. |
| Required | boolean | Specifies whether the user can de-select the scope on the consent screen. Defaults to false. |
| ShowInDiscoveryDocument | boolean | Specifies whether this scope is shown in the discovery document. Defaults to true. |
| Type | enum ScopeType | ScopeType defines the following possible values: Identity(0) or Resource(1) (default). |
| Claims | List\<ScopeClaims> | List of user claims that should be included in the identity token (identity scope) or access token (resource scope). |
| ScopeSecrets | List\<Secrets> | List of scope secrets. Note: when registering a scope with secret(s), leave the Value and Type of the secret unset. U4IDS will generate them automatically. It is also possible to administer scope secrets with a dedicated endpoint. See secret registration. |
| ConsentOptions | ScopeConsentOption | If the scope should be shown in the permission screen, you need to enable the RequireConsent property. |
| UserId | string | *To be used internally for auditing* |
| UserName | string | *To be used internally for auditing* |

ScopeClaim properties

| Property name | Parameter type | Description |
| --- | --- | --- |
| Name | string | Name of the claim |
| Description | string | Description of the claim |
| AlwaysIncludeInIdToken | boolean | Specifies whether this claim should always be present in the identity token (even if an access token has been requested as well) |

Scope Secret properties

| Property name | Parameter type | Description |
| --- | --- | --- |
| Description | string | Description of the secret |
| Expiration | DateTimeOffset | Expiration time of the secret. Nullable; null if the secret never expires. |
| Type | string | Secret type (for example "SharedSecret") |
| Value | string | Secret value. Note: the value of the secret must not be provided by the user in the request. It is always generated on the IDS-Admin side. See more about secret registration. |
| LastUpdate | DateTime | Last time the scope secret was updated. Used internally for auditing. |
| UserId | string | *To be used internally for auditing* |
| UserName | string | *To be used internally for auditing* |

ConsentOptions properties

| Property name | Parameter type | Description |
| --- | --- | --- |
| RequireConsent | boolean | True to enable consent for the scope. Defaults to false. |
| Link | string | Optional link to a more detailed description of the scope |
| LinkDescription | string | Link description |
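
As an added example (not part of the U4IDS documentation or code), the Python function below reviews a scope definition before it is registered, checking the secret rule stated in the tables above and flagging the broad-grant properties for least-privilege review. It assumes the definition is a JSON object keyed by the property names in the tables; `review_scope`, the sample scope and the warning policy are illustrative assumptions.

```python
import json

# Constructed sample scope. The JSON shape (property names used as keys) is an
# assumption based on the tables above, not a documented request body.
SAMPLE_SCOPE = json.loads("""
{
  "ScopeId": "invoices.read",
  "Type": 1,
  "Enabled": true,
  "IncludeAllClaimsForUser": true,
  "AllowUnrestrictedIntrospection": true,
  "Claims": [{"Name": "tenant", "AlwaysIncludeInIdToken": false}],
  "ScopeSecrets": [
    {"Description": "introspection", "Type": "SharedSecret",
     "Value": "constructed-example-value", "Expiration": null}
  ],
  "ConsentOptions": {"RequireConsent": false}
}
""")


def review_scope(scope):
    """Return a list of (severity, message) findings for one scope definition."""
    findings = []
    if not scope.get("ScopeId"):
        findings.append(("error", "ScopeId is missing"))
    # The page states that Value and Type are generated by the server and must
    # be left unset when a scope is registered with secrets.
    for i, secret in enumerate(scope.get("ScopeSecrets") or []):
        for field in ("Value", "Type"):
            if secret.get(field):
                findings.append(("error", f"ScopeSecrets[{i}].{field} must be left unset"))
        if secret.get("Expiration") is None:
            findings.append(("warn", f"ScopeSecrets[{i}] has no expiration"))
    # Review policy assumed for this example (not a rule from the page):
    # properties that widen what a token or introspection call reveals.
    if scope.get("IncludeAllClaimsForUser"):
        findings.append(("warn", "IncludeAllClaimsForUser puts all user claims in the token"))
    if scope.get("AllowUnrestrictedIntrospection"):
        findings.append(("warn", "AllowUnrestrictedIntrospection shows all other scopes on introspection"))
    return findings


if __name__ == "__main__":
    for severity, message in review_scope(SAMPLE_SCOPE):
        print(f"{severity:5} {message}")
```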

Localized scope texts

Scope texts can be localized, that is, made aware of the language settings of the browser. With a non-supported language set in the browser, the default titles from the scope definitions are used for all texts. These localized texts are then shown on the consent screen - see two different versions:

Changing the browser language to Norwegian (bokmål) will produce the result below:

In order to localize a scope, open it in the IDS Portal. At the bottom of the page you will notice the Localization button:

Pressing the Localization button will open a new page that lists all current translations (sorted by language). The default texts are shown at the top of the page:

Pressing the Edit button will open a page that allows you to edit, add or delete translations. The process is pretty similar to maintaining IdPs. Use the Delete translation button to remove a translation, or use the Add translation button to create a new one. New translations will appear at the bottom of the page. Once you're happy with your changes, you simply press the Save button to store your localizations.

You can also configure localization using the Admin API.