Hi all.
I have this situation where I want to enable access to an application (via API, not with signed users) by getting tokens passing a CLIENT_ID, a CLIENT_SECRET and a RESOURCE.
This works fine, but my case is to provide this access to different parties, so I created multiple CLIENT_SECRETs in my app, hoping that the returned token would have some claim that differentiates the tokens from different secrets, either a default claim or an optional one.
But it seems that's not the case: all tokens have exactly the same content (except the timestamps and opaque strings).
So my question is basically, how can I differentiate tokens for the same app and resource that are assigned to different parties?
Thanks in advance.