Hello Norman, User actually don't need to know which client / how they should use some app through Gluu Server. In OpenID Connect / Gluu Server: every OIDC app is registered as ["Client"](https://www.gluu.org/docs/gluu-server/4.1/admin-guide/openid-connect/#client-registration-configuration). Every registered client has an entry named 'Redirect Login URI'. This redirect login url talks about app's ( app == protected resource ) endpoint where user will be redirected after login from Gluu Server.

Thanks for the answer. How does the gluu server know which client it should use if there is more than one on the gluu server? Also, Can i set it to not allow certain users on the server to access certain clients? Thanks.

>> How does the gluu server know which client it should use if there is more than one on the gluu server? There might be thousands of clients inside one Gluu Server but each is unique with it's own configuration and 'ClientID'. That's how Gluu Server knows. >> Also, Can i set it to not allow certain users on the server to access certain clients? Yes & No. Yes == if certain users don't have proper scope/s then, that user won't be able to access that client. No == It's basically app's ( RP's ) job to decide whom to give access and whom not to it's own protected resource.