Client Credentials Flow with different application types

I’ve got client credentials flow working, but there’s one aspect that’s not clear to me. Can a single API support multiple application types with different scopes/roles? Some of my client applications only need read access to my service application and others will need to create and update data, so I want some apps to only have the Reader scope/role and others to have Writer scope/role.

I’m not seeing how to assign different client applications different scopes/roles. Do I need to create a different API for each consumer type?

You can include scope as a parameter to your call to /token, so it will be baked into the access_token, which can be inspected by your resource server.

1 Like
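The exchange described in the answer above, shown from both sides as an added example that is not part of the original thread or any vendor's code: a single API, a token endpoint that grants only the scopes each client is allowed, and a resource server that checks the `scope` claim per HTTP method. The client ids, the `CLIENT_GRANTS` table, the `issue_token` and `authorize` helpers and the HS256 key are assumptions made so the example runs with the standard library alone; a production resource server would normally verify an RS256 token with a JWT library.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed value; stands in for the real signing key
# Hypothetical per-client grants held by the authorization server (one API, two client types).
CLIENT_GRANTS = {"reporting-app": {"Reader"}, "ingest-app": {"Reader", "Writer"}}
# Scope the resource server requires for each HTTP method.
REQUIRED = {"GET": "Reader", "POST": "Writer", "PUT": "Writer"}

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def issue_token(client_id, requested_scope, now=None):
    """Authorization-server side of /token: grant only scopes this client is allowed."""
    granted = sorted(set(requested_scope.split()) & CLIENT_GRANTS.get(client_id, set()))
    now = int(time.time()) if now is None else now
    claims = {"sub": client_id, "scope": " ".join(granted), "exp": now + 300}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def authorize(token, method, now=None):
    """Resource-server side: verify the token, then check its scope for this method."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(f"{head}.{body}")):
            return False  # payload altered or signed with a different key
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return False  # only the expected algorithm is accepted
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return False  # malformed token
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        return False  # expired
    needed = REQUIRED.get(method)
    # The scope claim is a space-delimited list; unknown methods are denied.
    return needed is not None and needed in claims.get("scope", "").split()
```

Because the token endpoint intersects the requested scope with the client's grant, a read-only client that asks for `Reader Writer` still receives a token carrying only `Reader`.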