Python Flask API as SPA resource as well as Service for machine to machine


I set up an SPA application. A Flask API uses the Python OIDC library to authorize calls from the Javascript Front end, and this all works as expected.

The API would also need to accept calls from other backend applications. How do you set this up so the API can continue being the resource server to the SPA app, but also be able authorize tokens generated for a Service app with client id and secret key?