My understanding is that a Client
is allowed to access ome or more ApiScope
and an ApiScop
is linked to many ApiResources
the names of which become the values of the audience claims.
I.e., 1 client -> many API scopes and 1 API scope -> many API resources
However, people talk about ApiResources
having ApiScopes
(not scopes having resources) which does not seem to be how the model works.
How is it supposed to work? Is there any documentation?