I´m new with Auth0 and I don´t know if my approach is correct. I created a SpringBoot application with a rest API autogenerated with Swagger. I added M2M authentication to this API and it works fine.
Now, I´m trying to use scopes to allow or deny access to some operations. I created the next scope:
And my autogenerated code is like this:
As you see, scope that I configured in the code is not the same as I added in the Auth0 configuration, so I shouldn´t can call to this operation. However it continues working, it only checks if the token is correct or not. In addition, my token doesn´t have any information about the scopes. Is it the correct approach?
In addition, I have a second question: Imagine I have 3 operations. I need an external service can call to operations A and B, and I need another external service can call to operations B and C. How can I create different clients for the same API (It is M2M authentication)?
Thanks and best regards.