I’m trying to implement a client credentials authorisation flow and need to assign different scopes to different applications (service - machine to machine). Not all should be able to see the same data. For example, an internal service can have admin access but an external one would have only read access.
I can see I can add custom scopes to the authorization server but haven’t found a way to link the new scope to certain applications.
Any help is appreciated.