Good explanation but…
As a developer that uses UI to login my users to my web app I don’t see how this article helps me to define a relying party that checks both authentication and authorization in case I have API’s in my web app.
Also do I must to protect each resource in my IDP side? must the IDP know every API I uses?
We understand that developrs are confsed but do you offer as a solution?