Scope per authentication type


I want to allow different scope for different authentication types.

For example for basic auth i want to allow scope A and B.
For another type like TOTP allow C and D


I see 2 options:

  • use ACR
  • use another client somehow with a service proxy