I have been reading a lot of the docs and have done a lot of work/architecture to set up my frontend and backend. I am using React and .NET Web API for reference.
My main problem or misunderstanding that I have is regarding how I am able to handle authorization on both the React and .NET side of things and the interaction between the two.
My current understanding is that the initial user creation/login is done on the frontend, and since I followed the quickstart I am able to get the access and ID tokens. Also, I understand that there are “scopes” which are supposed to be saying what resource can be accessed and permissions with those (I think). So my question is then how do I pass this to the backend with the backend necessary roles/permissions included? Or do I have to do something extra like call the Management API from the backend once I get a valid access token from my frontend?
I also could just be thinking about doing authorization in the wrong way with my application, which could be the problem. I really just want to make sure on the frontend the right people have the right permissions and that is also true for the backend resources.
I don’t think this is an exact duplicate of any of the other posts I have read, but if it is, I am sorry in advance. Thanks for any help on this!