So here is a case: I have an identity server, a client application and a resource (API). The identity server provides user info on the endpoint http://identityserver:8080/connect/userinfo. If you send a request with a valid access token you will get additional information about the user. If I need this information on the resource, how would I get it? I have two ideas:
I understand that the userinfo endpoint is basically a resource, so my question is how to proceed if I want to get a resource from another resource while keeping to all best practices around OAuth2 and OpenID Connect.
The solution is to use a different grant type. The most suitable is Client Credentials. An identity server is needed to register a new client ID and secret, which can be exchanged for an access token for the API.
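The client credentials exchange described above, as an added example that is not part of the original post: the API authenticates with its own client ID and secret and reuses the token until it is close to expiry. The stub endpoint, the `/connect/token` path, the scope and the credentials are assumptions constructed for the demo so that it runs offline.

```python
import base64, json, threading, time, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
CLIENT_ID, CLIENT_SECRET = "resource-api", "demo-secret"  # constructed demo values

def basic(cid, secret):  # HTTP Basic client authentication header
    return "Basic " + base64.b64encode(f"{cid}:{secret}".encode()).decode()

class StubTokenEndpoint(BaseHTTPRequestHandler):  # local stand-in for the identity server
    issued = 0
    log_message = lambda self, *args: None  # silence per-request logging
    def do_POST(self):
        raw = self.rfile.read(int(self.headers["Content-Length"])).decode()
        if self.headers.get("Authorization") != basic(CLIENT_ID, CLIENT_SECRET):
            status, body = 401, {"error": "invalid_client"}
        elif urllib.parse.parse_qs(raw).get("grant_type") != ["client_credentials"]:
            status, body = 400, {"error": "unsupported_grant_type"}
        else:
            type(self).issued += 1
            status, body = 200, {"access_token": f"tok-{self.issued}", "token_type": "Bearer", "expires_in": 3600}
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

class TokenSource:  # fetches with the API's own credentials, reuses until near expiry
    def __init__(self, url, cid, secret, scope):
        self.url, self.auth, self.scope = url, basic(cid, secret), scope
        self.token, self.expires_at = None, 0.0
        self.http = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    def get(self):
        if self.token is None or time.time() >= self.expires_at - 30:  # 30 s margin
            form = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": self.scope})
            req = urllib.request.Request(self.url, form.encode(), {"Authorization": self.auth})
            with self.http.open(req, timeout=5) as resp:  # raises HTTPError on 4xx
                payload = json.load(resp)
            self.token, self.expires_at = payload["access_token"], time.time() + payload["expires_in"]
        return self.token

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubTokenEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/connect/token"
    good = TokenSource(url, CLIENT_ID, CLIENT_SECRET, "api.read")
    tokens = (good.get(), good.get())  # second call is served from the cache
    try:
        rejected = TokenSource(url, CLIENT_ID, "wrong", "api.read").get()
    except urllib.error.HTTPError as err:
        rejected = err.code
    server.shutdown()
    return tokens, rejected, StubTokenEndpoint.issued
```

Against a real identity server, use its HTTPS token endpoint and load the client secret from a secret store rather than from source code.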