@amardeep2006
JWT access tokens are a source of common confusion.
Access tokens can be validated remotely (per spec), this requires a client-id and client-secret. Some IdPs also allow for locally validating structured tokens (e.g. an access token that is a JWT).
There are pros & cons to both: JWT vs Opaque Access Tokens: Use Both With Spring Boot | Okta Developer
Back to your question!
For JWT access tokens, you have a few options:
- Different authorization servers for each app, (if your applications do not need to share tokens)
- you could use the same authorization server with different scopes (your application would need to check if those scopes are present in the JWT)