I would like to protect some end-point of the API only to be accessed by "Client Application" (instead of for a user with a role). The system is using Oauth2, and I have access and can modify the Authorization Server and the Client Application.
I am using Symfony2 and there is an example How to Authenticate Users with API Keys , but the example is only for the user's token (Using ApiKeyUserProvider) this made me think that maybe Is not the right approach.
Do you know any example for this problem, should I try other approach?