Regarding 3)
In the API → Application grants its stated:
“Single Page and Native apps do not require further configuration. SPAs can execute the Implicit Grant to access APIs while Native Apps can do Authorize Code with PKCE for the same purpose.”
So i assume no action is needed there and the SPA has access to the API roles/perms. Then i rephrase my question 3 to the following:
- how can i access those Roles / Permissions in the React application. Or do i need also custom Rules for the “Authorization Core” feature to have this working?