I am using Azure AD OAuth2 authorization to secure my Web API. Now I need to support two OAuth2 scenarios (flows):

1. A web application accessing the Web API, where the API serves a resource based on the user's role. This is achieved using the authorization code OAuth flow, and access control is done using `[Authorize(Roles = "Read")]` attributes.
2. A daemon (console) application accessing the same Web API. Though I am able to get a token using the client credentials OAuth flow, I am not able to figure out how to manage access for the daemon process.

Once the token is issued, the console application can literally access any of the API methods.

- Scope: when `grant_type` is `client_credentials`, `scope` is not a parameter to the `/token` endpoint.
- Role: can't use it, as this is associated with a user.

Can somebody please suggest how we can do access control in the client credentials flow? And how can I cater for both requirements 1 and 2 at the same time?
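An added illustration (not from the question or its author) of the check the two flows above need to share: a single role-claim policy applied to both a delegated user token and an app-only token. It assumes the API has app roles registered in Azure AD that are assigned both to users and to the daemon's service principal, so that the `roles` claim is present in both token kinds; the token payloads are constructed, the audience value is a placeholder, and signature/issuer validation is assumed to have already happened.

```python
# Added example: one role check serving both the user (authorization code)
# flow and the daemon (client credentials) flow.
# Assumption: app roles are defined on the API's app registration and assigned
# to users and to the daemon's service principal, so Azure AD emits them in
# the "roles" claim of both delegated and app-only access tokens.
# Signature, issuer and expiry validation is assumed to precede this check.

REQUIRED_AUDIENCE = "api://example-web-api"   # placeholder audience, constructed


def is_app_only(claims: dict) -> bool:
    """Delegated tokens carry an 'scp' claim; client-credentials tokens do not."""
    return "scp" not in claims


def authorize(claims: dict, required_role: str) -> bool:
    """Return True when the caller may use a method tagged with required_role.

    The same rule applies whether the token represents a user or the daemon:
    the role must appear in the 'roles' claim of the token.
    """
    if claims.get("aud") != REQUIRED_AUDIENCE:
        return False
    roles = claims.get("roles", [])
    if isinstance(roles, str):  # some JWT libraries flatten single-element claims
        roles = [roles]
    return required_role in roles


# Constructed sample payloads (decoded claims, not real tokens).
USER_TOKEN = {"aud": REQUIRED_AUDIENCE, "upn": "alice@contoso.example",
              "scp": "access_as_user", "roles": ["Read"]}
DAEMON_TOKEN = {"aud": REQUIRED_AUDIENCE,
                "appid": "00000000-0000-0000-0000-000000000001",
                "roles": ["Read"]}  # app role granted as an application permission
DAEMON_NO_ROLE = {"aud": REQUIRED_AUDIENCE,
                  "appid": "00000000-0000-0000-0000-000000000002"}


def demo() -> dict:
    """Evaluate the 'Read' policy for each constructed caller."""
    return {name: authorize(tok, "Read") for name, tok in
            [("user", USER_TOKEN), ("daemon", DAEMON_TOKEN),
             ("daemon_no_role", DAEMON_NO_ROLE)]}
```

Without an app role assigned to its service principal, a client-credentials token reaches the API with no `roles` claim and the check denies it, which is the missing piece for requirement 2.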