ZegnatWell. It happens to be the same first step. My application can send 2 different requests to your endpoint: 1) ask for authentication, 2) ask for permissions (scopes). Because if I get an answer on 2, I can assume authentication also took place.
