-
Notifications
You must be signed in to change notification settings - Fork 128
Authorization
All requests to the SCIM endpoints require authorization.
The SCIM reference code uses ASP.NET Core environments to control the way authorization is performed while in development or after deployment.
Use multiple environments in ASP.NET Core
The development environment enables features that shouldn't be exposed in production, in the reference code it controls the behavior of the security token validation.
The token validation code is configured to use a self signed security token, the signing key is stored in the configuration file, look for the "Token:IssuerSigningKey" parameter in the appsettings.Development.json file.
By using the /scim/token endpoint, a token is issued using the configured key. This token can be used as bearer token for subsequent authorization.
The default token validation code is configured to use a token issued by Azure Active Directory, the corresponding tenant needs to be configured in the "Token:TokenIssuer" parameter in the appsettings.json file.