How can I return unauthorized to a user trying to get a token?

Hello,

I’m trying to setup the following use case:

Single Page App - ClientA
API - App A

  • scope: PermissionA
  • RBAC & include permissions enabled

Users:
User A - Permission: PermissionA
User B

Flow - Code + PKCE, using the provided SPA examples.

How can I get an unauthorized response when User B tries to log in on Client A and/or asks for a token for audience App A?

The difference is that API tokens incorporate the user account in the access token while OAuth apps perform authorization without a user account. When you make a choice of using an API token or an OAuth app to make an API call, you must consider the specific requirements of the API service involved in the interaction.