4
votes

We have several APIs that we'd like to grant access to a client via client credentials flow. The flow would go something like this.

  1. Client gets a token from is4 based on some scope
  2. Client hits first API with token
  3. Client needs to hit second API with same token.

Authorization of the token at the API endpoint seems to only work when the APIResource matches the APIName in the authentication parameters.

How do you set up APIResource/Scopes such that this scenario can be accommodated?

1
Does your client have scopes for both APIs? - m3n7alsnak3

1 Answer

4
votes

OK I had the chance to play a bit with your case and have a solution.

So, as you know, the client credentials flow works based on ApiResources/Scopes (apart from the client ID and client secret).

Your APIs, in their authentication configuration, have:

  • ApiName - for .NET Core API
  • RequiredScopes - for .NET Framework API

Depending on your case, you have to set them.

These are the APIResources/Scopes that your IDS client should have in its allowed scopes/API resources (Client.AllowedScopes).

Then, when requesting the client credentials from the token client, you should pass as the scope a string containing both scopes/API resources separated by a space (tokenClient.RequestClientCredentialsAsync("api1 api2");).

Then the access token that you receive in the response will be valid for calls to both of your APIs.

You also have a second option, in which both of your APIs use one and the same scope/API resource, but I don't think that this is a good approach at all.
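
The setup described in this answer, as an added example that is not part of the original post: two API resources, a client allowed both scopes, the token request, and the first API's validation settings. It assumes the IdentityServer4, IdentityServer4.AccessTokenValidation and IdentityModel 3.x packages; the names "api1", "api2", "client", "secret" and the authority URL are placeholders.

```csharp
// Added example. "api1", "api2", "client", "secret" and the authority URL are assumed values.
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using IdentityModel.Client;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public static class Config // registered in the IdentityServer4 host
{
    // One ApiResource per API; each name is both a scope and a token audience.
    public static IEnumerable<ApiResource> GetApiResources() => new[]
    {
        new ApiResource("api1", "First API"),
        new ApiResource("api2", "Second API"),
    };

    public static IEnumerable<Client> GetClients() => new[]
    {
        new Client
        {
            ClientId = "client",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = { new Secret("secret".Sha256()) },
            AllowedScopes = { "api1", "api2" }, // must list every API the client calls
        },
    };
}

public static class TokenRequest // runs in the client application
{
    public static async Task<string> GetTokenAsync()
    {
        var tokenClient = new TokenClient("https://localhost:5000/connect/token", "client", "secret");
        var response = await tokenClient.RequestClientCredentialsAsync("api1 api2");
        if (response.IsError) throw new InvalidOperationException(response.Error);
        return response.AccessToken; // send as the Bearer token to both APIs
    }
}

public static class Api1Startup // first API (.NET Core); the second uses ApiName = "api2"
{
    public static void ConfigureServices(IServiceCollection services) =>
        services.AddAuthentication("Bearer").AddIdentityServerAuthentication(options =>
        {
            options.Authority = "https://localhost:5000";
            options.ApiName = "api1"; // accepts tokens whose audience includes api1
        });
}
```

Because the issued token names both APIs as audiences, either API will accept a token the other has received, so keep the client's AllowedScopes limited to the APIs it actually calls.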