I have the need to provide some information to a third party product.
The third party product manages the user base on its systems and assigns its users a Role.
When a request comes in for getting a token - I need to bind this Role to the token.
I would then later use this Role to verify if the user can get access to some resource in my back-end API.
From my current understanding it seems to be a Client Credentials Grant (authorise the client app). But how do I capture the Role?
Or should I be using a different OAuth 2 flow?
- It would be ideal if the request for a token could pass the Role to me somehow as part of the OAuth 2 process.