Limit access to app in the same realm

Hi there,

I’m trying to achieve a thing that sounds simple but I can’t figure out what’s the best way to go

I got a realm “myRealm”, I got 2 clients “app1” and “app2”, I got a user federation composed of two external database.

I want the user logged in throught client “app1” to be unable to access “app2” and user logged in throught “app2” to be able to access “app1” and “app2”

What’s the way to go ? Should I use scope ? Should I use realm role (if so how can I add role automatically to a user if he logs in throught app1 or app2) ?

I’m really confused on this, any help would be more than welcome !

Have a good day