Question: How to identify type of token passed in a request?

[shrihari-prakash]

I am trying to create a system where I would like to have certain APIs accessible by users and certain APIs only by tokens granted by client_credentials. Here's my current way of identifying this:

In model:

getUserFromClient: (client: Client) => {
  return new Promise<User>((resolve) => {
    resolve({ 
        username: "api-client", 
        role: client.role // DB returns string 'INTERNAL_CLIENT'
    });
  });
},

In my middleware:

const AuthenticateClient = async (
  _: Request,
  res: Response,
  next: NextFunction
) => {
  try {
    res.locals.user = res.locals.oauth.token.user;
    if (res.locals.user.role !== 'INTERNAL_CLIENT') {
      throw statusCodes.unauthorized;
    }
    res.locals.client = res.locals.oauth.token.client;
    return next();
  } catch (err) {
    res
      .status(statusCodes.unauthorized)
      .json(new ErrorResponse(errorMessages.unauthorized));
    return next(new Error(errorMessages.unauthorized));
  }
};

I however feel like this is an anti-pattern to do such a thing. Can someone confirm how this can be done in the library?