IdentityServer / IdentityServer3.AccessTokenValidation

OWIN Middleware to validate access tokens from IdentityServer3
Apache License 2.0

Different authorization scope for api endpoints #111

Closed pawepaw closed 7 years ago

pawepaw commented 7 years ago

Hello,

I have an API and two different scopes for this API. Some methods should be authorized using one scope and some using the other scope. I see that the only recommended way of authorization is to use required scopes in the middleware, but it's a struggle to use it for two different scopes because you'd need two separate applications, each with a different required scope (or at least map one part of the API to a different route using the middleware app.Map() method). In older versions of IdentityModel there was also an authorize attribute based on scopes, but now it's gone.

As I understand it, I could write a custom authorize attribute based on scope, or separate the routing and apply a different required scope on each route. Is there any other recommended way to achieve it, and am I missing something?

brockallen commented 7 years ago

The middleware is a logical "or" of the listed scopes. In a specific controller/action, if you require one of them, you need to do an authorization check for the required scope.
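
Added example, not part of the thread and not code from the IdentityServer3.AccessTokenValidation project: one way to do the per-action check described above in ASP.NET Web API 2. The `RequireScopeAttribute` class, the `OrdersController`, and the scope names are hypothetical, and the code assumes the validated token's scopes appear on the principal as claims of type `scope`.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical attribute (not part of IdentityServer3.AccessTokenValidation):
// passes if the token carries at least one of the listed scopes.
public class RequireScopeAttribute : AuthorizeAttribute
{
    private readonly string[] _scopes;
    public RequireScopeAttribute(params string[] scopes) { _scopes = scopes; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // Base check: authenticated principal (plus any Users/Roles settings).
        if (!base.IsAuthorized(actionContext)) return false;
        var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
        if (principal == null) return false;
        // Assumption: scopes arrive as "scope" claims, one per scope; a
        // space-delimited single claim is split as well to be safe.
        var granted = principal.FindAll("scope")
            .SelectMany(c => c.Value.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries));
        return granted.Intersect(_scopes, StringComparer.Ordinal).Any();
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        var user = actionContext.RequestContext.Principal;
        if (user != null && user.Identity != null && user.Identity.IsAuthenticated)
            // Valid token, wrong scope: 403 rather than a 401 challenge.
            actionContext.Response = actionContext.Request.CreateErrorResponse(
                HttpStatusCode.Forbidden, "insufficient_scope");
        else
            base.HandleUnauthorizedRequest(actionContext);
    }
}

// Constructed scope names "orders.read" / "orders.write"; the middleware's
// RequiredScopes would list both so either token reaches the controller.
public class OrdersController : ApiController
{
    [RequireScope("orders.read")]
    public IHttpActionResult Get() { return Ok(new[] { "order-1" }); }
    [RequireScope("orders.write")]
    public IHttpActionResult Post() { return Ok(); }
}
```

An attribute constructed with no scopes denies every request, so a forgotten argument fails closed instead of falling back to the middleware's "or" check.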

pawepaw commented 7 years ago

OK, thanks.