Version: v2

Add a resource server

A Resource Server is a namespace for application scopes: the set of all scopes supported by the application.

Use these guidelines to determine the Resource Server settings of your application:

| If your application... | Then... |
| --- | --- |
| References a Resource Server | The application can include scopes in issued access tokens. The scopes your app can issue are configured in the allowed_scopes setting and must be equal to or a subset of the resource server's available scopes. |
| Doesn't reference a Resource Server | The application can only be used to provide authentication (identity) but not authorization (access). Therefore, the scopes element in access tokens will be empty. |
| Doesn't need to provide multiple access levels, like admin vs. user | Does not necessarily need a resource server. |
| Is for minting tokens for access to the Beyond Identity API | You must set your application's Resource Server to Beyond Identity Management API. |

Admin Console

A resource server can be created from the Beyond Identity Admin Console.

  1. First, click Go to realm and select the realm in which you wish to create the resource server. This should be the realm of the application that you wish to link to the resource server.
  2. Under Authorization, select Resource Servers.
  3. Click Create resource server.
  4. Fill in the Create resource server screen as follows:
     • Enter a Resource Server Name. This can be any human readable string.
     • Enter a Resource Server Identifier. This identifier will be included as the audience claim in access tokens minted for an application that issues scopes owned by this resource server.
     • Enter one or more Scopes (press Enter or Return after each scope). These scopes will be eligible to be configured as Allowed Scopes for applications that you link to this resource server.
     For more information about these parameters, see the API documentation for creating a resource server.
  5. Finally, click Create resource server to complete creating the resource server.

API

Before creating a resource server by API, you must have an API access token for the Beyond Identity Management API that contains the scope 'resource-servers:create'.

To create a resource server, use the create resource server API.

/resource-servers

curl "https://api-${REGION}.beyondidentity.com/v1/tenants/${TENANT_ID}/realms/${REALM_ID}/resource-servers" \
  -X POST \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "Content-Type: application/json" \
  -d "{\"resource_server\":{\"display_name\":\"${APPLICATION_DISPLAY_NAME}\",\"identifier\":\"${APPLICATION_URI}\",\"scopes\":[\"${SCOPE}\"]}}"

where:

  • TOKEN is a base64 encoded API access token for the Beyond Identity Management API that contains the scope 'resource-servers:create'
  • APPLICATION_DISPLAY_NAME is any human readable string
  • APPLICATION_URI is a unique string that will be included as the audience claim in access tokens minted for an application that issues scopes owned by this resource server (for more information, see the API documentation)
  • SCOPE is a list of scopes this resource server will be eligible to include in tokens.
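
The two rules this page states, that an application's allowed_scopes must be equal to or a subset of the resource server's scopes and that the resource server identifier appears as the audience claim in access tokens, can be checked as shown below. This is an added example, not Beyond Identity code: the identifier, the scope names, and the claim names "aud" and "scope" (with "scope" as a space-delimited string or a list) are assumptions, and the token's signature, issuer and expiry are assumed to have been validated already.

```python
# Added example, not Beyond Identity code. Sample values are constructed.
RESOURCE_SERVER = {
    "identifier": "https://orders.example.com",  # hypothetical identifier
    "scopes": ["orders:read", "orders:write", "orders:admin"],  # hypothetical
}


def excess_allowed_scopes(allowed_scopes, resource_server):
    """Return allowed_scopes entries that the resource server does not define.

    An empty list means allowed_scopes is equal to or a subset of the
    resource server's scopes.
    """
    return sorted(set(allowed_scopes) - set(resource_server["scopes"]))


def authorize(claims, resource_server, required_scope):
    """Check already-verified token claims against this resource server.

    Assumption: signature, issuer and expiry were validated before this call,
    and the claims use the names "aud" and "scope". Returns (allowed, reason).
    """
    # "aud" may be a single string or a list of audiences.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if resource_server["identifier"] not in audiences:
        return False, "audience mismatch"

    # Reject scopes this resource server never defined, whatever the token says.
    if required_scope not in resource_server["scopes"]:
        return False, "scope not defined by resource server"

    # A token from an application with no resource server carries no scopes.
    scope = claims.get("scope")
    granted = scope.split() if isinstance(scope, str) else list(scope or [])
    if required_scope not in granted:
        return False, "missing scope"
    return True, "ok"


if __name__ == "__main__":
    print(excess_allowed_scopes(["orders:read", "billing:read"], RESOURCE_SERVER))
    token_claims = {"aud": "https://orders.example.com", "scope": "orders:read"}
    print(authorize(token_claims, RESOURCE_SERVER, "orders:write"))
```

Checking the audience before the scope keeps a token minted for a different resource server from being accepted just because its scope names happen to match.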