I have an IdentityServer4 that I use for authentication/authorization, and I am a little confused about how to achieve the following:
Let us say I have 2 clients that are trying to access 2 APIs (each client can access one of them), but I have users with different permissions (user1 can access the first API, user2 can access the second API, user3 can access both).
When user3, who should have access to both APIs, logs in using the first client (only the api1 scope is requested by the client), how will I provide him a token that grants him access to both APIs (scopes), so that he does not have to log in again when using the second client?
I have read a lot of discussions about user claims and client scopes, but I still do not have a clear answer on how to use them for authentication in the above case.