Best practice for doing user auth (via api) against a specific app id

I am a new developer still learning the api. Within the api… We have users that will be assigned to and be able to access one or more apps. Since there is not an auth with an audience param (deprecated) to validate access to a specific appid. What is considered the best way to accomplish this?


I’m not sure if I understand what you’re asking, but Okta will throw an error if a user tries to access an app to which they are not assigned. If I’m missing your point let me know.