I am following the Web App > ASP.NET Core quick-start.
It uses Cookie and OIDC middleware. I am adding scopes to the OIDC authorisation request in order to be able to invoke the Management API. Such as:
// Configure the scope
I have added the ‘audience’ parameter to the management API as per the docs (but that doesn’t really matter here).
options.Events = new OpenIdConnectEvents
OnRedirectToIdentityProvider = context =>
return Task.FromResult(0); },
However the access token I receive back only contain the ‘openid profile’ scopes. Why do I not get back the other scopes. Is it possible to specify other scopes? Do I have to specific make a round-trip to explicitely ask for access token by means of posting a request to
What if a define custom scope to my own API’s? Will I not be able to get authorization for them with defined custom scopes?