Hi @Luukth, I replied in your other thread - Trouble understanding scopes vs permissions - #3 by Marcos_Castany
This doesn’t quite solve the problem because the example blog express app is not a custom API.
Well, you can think of a regular web application as a client (the frontend) and an API (the backend) at the same time. You can create the client and an API in the dashboard and use the built-in roles.
Also when using the Authorization Code Flow to authenticate a user I don’t know if it wants the admin scope admin:dashboard or it is a normal user.
I addressed this in the other thread
If you need to know the specific Role of a user in your application, the only way of knowing it is by adding a custom claim via rules (example here - Sample Use Cases: Rules with Authorization)
Let me know if you have any other doubts. I’m currently working on the docs to give better guidance.
Thanks,
Marcos
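
The custom-claim approach from the reply above, as an added example that is not part of the original post or the linked docs: a rule in the `(user, context, callback)` form used by Auth0 Rules copies the user's assigned roles into a namespaced claim, and the web app then decides from that claim whether to show the admin dashboard. The namespace URL, the role name `admin`, and the helpers `canSeeAdminDashboard` and `simulateLogin` are assumptions made for illustration.

```javascript
// NAMESPACE and the "admin" role name are assumptions, not values from the thread.
// Custom claims must be namespaced so they do not collide with standard claims.
const NAMESPACE = 'https://blog.example.com/';

// Rule: runs at login and copies the roles assigned to the user
// into a custom claim on both the ID token and the access token.
function addRolesToTokens(user, context, callback) {
  const roles = (context.authorization && context.authorization.roles) || [];
  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  context.idToken[NAMESPACE + 'roles'] = roles;
  context.accessToken[NAMESPACE + 'roles'] = roles;
  return callback(null, user, context);
}

// App side (hypothetical helper): takes the claims of a token whose signature
// has already been verified and decides whether the admin dashboard is allowed.
// A missing, malformed or un-namespaced claim means "normal user".
function canSeeAdminDashboard(claims) {
  const roles = claims && claims[NAMESPACE + 'roles'];
  return Array.isArray(roles) && roles.includes('admin');
}

// Constructed login simulation so the example runs offline: builds the context
// the rule would receive and returns the resulting ID token claims.
function simulateLogin(assignedRoles) {
  const context = assignedRoles === undefined
    ? {}
    : { authorization: { roles: assignedRoles } };
  let claims = null;
  addRolesToTokens({ user_id: 'constructed|123' }, context, (err, user, ctx) => {
    if (err) throw err;
    claims = ctx.idToken;
  });
  return claims;
}

console.log('admin user  ->', canSeeAdminDashboard(simulateLogin(['admin'])));
console.log('normal user ->', canSeeAdminDashboard(simulateLogin(['editor'])));
```

The app must make this decision only on claims taken from a token it has validated (signature, issuer, audience), never on a value the browser can set.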