
User16389926695348686365 (Customer) asked a question.
I've got client credentials flow working, but there's one aspect that's not clear to me. Can a single API support multiple application types with different scopes/roles? Some of my client applications only need read access to my service application and others will need to create and update data, so I want some apps to only have the Reader scope/role and others to have Writer scope/role.
I'm not seeing how to assign different client applications different scopes/roles. Do I need to create a different API for each consumer type?

Hi @User16389926695348686365 (Customer), thank you for reaching out to the Okta Community!
As far as the information I was able to find, that's what scopes and claims are for: scoping the access for a specific token to only the permitted resources.
Access policies/rules can lock down which apps can request what scopes, and claim expressions can be written to be application specific.
My advice would be to leverage the Okta Developer forums for this type of question and take advantage of their expertise.
https://devforum.okta.com/
Hope it helps!
Thanks Mihai. I've posted to the dev forum.
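
The reply above says access policy rules decide which apps can request which scopes, so one API can serve both reader and writer clients. The sketch below is an added example, not part of the thread and not Okta code: it models those rules and the API's own scope check in plain Python, with hypothetical client IDs and scope names, and assumes the token's signature, issuer and audience were already validated.

```python
# Constructed model of the two enforcement points: the authorization server's
# access policy rules and the API's per-request scope check. It makes no Okta
# calls; client IDs and scope names are hypothetical. "cid" and "scp" are the
# claim names Okta access tokens use for the client ID and granted scopes.

# Access policy rules: which client may be granted which scopes.
POLICY_RULES = [
    {"clients": {"reporting-app"}, "scopes": {"records.read"}},
    {"clients": {"ingest-app"}, "scopes": {"records.read", "records.write"}},
]

# Scope the API requires for each HTTP method; unlisted methods are denied.
REQUIRED_SCOPE = {"GET": "records.read", "POST": "records.write", "PUT": "records.write"}


def issue_token(client_id, requested_scopes):
    """Authorization-server side: grant only if one rule covers every requested scope."""
    requested = set(requested_scopes)
    if not requested:
        raise PermissionError("invalid_scope: no scope requested")
    for rule in POLICY_RULES:
        if client_id in rule["clients"] and requested <= rule["scopes"]:
            return {"cid": client_id, "scp": sorted(requested)}
    raise PermissionError(f"invalid_scope: {client_id} may not request {sorted(requested)}")


def authorize(claims, method):
    """API side: the validated token must carry the scope this method needs."""
    needed = REQUIRED_SCOPE.get(method)
    return needed is not None and needed in claims.get("scp", [])


def demo():
    reader = issue_token("reporting-app", ["records.read"])
    writer = issue_token("ingest-app", ["records.read", "records.write"])
    try:
        issue_token("reporting-app", ["records.write"])
        reader_got_write_token = True
    except PermissionError:
        reader_got_write_token = False
    return {
        "reader_get": authorize(reader, "GET"),
        "reader_post": authorize(reader, "POST"),
        "writer_post": authorize(writer, "POST"),
        "reader_got_write_token": reader_got_write_token,
    }


if __name__ == "__main__":
    print(demo())
```

Both checks matter: the policy rule stops a reader client from obtaining a write-scoped token, and the API check stops a read-only token from being accepted on a write endpoint.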