
Azure AD B2C multiple applications in one domain


I'm going to implement a multi-page React application in the same domain:

The user can access each app or both with a single login.

  1. If the user goes to /app1, he will be asked to log in (in Azure AD B2C)
  2. After logging in, he will be redirected back to app1
    1. If he doesn't have permission to access app1, show 404
    2. Or else, he can work with app1
    3. If he also has permission to access app2, he can go to app2 anytime without being asked to log in (or a silent login could work too)

What I'm going to do is attach the app permissions to the MSAL access_token, using a custom policy with a RESTful technical profile. So, when the user goes to an app, the app reads the access_token and decides whether the user has permission or not.

I'm asking if there's a proper or better way to meet these requirements.


Solution

  • Yeah, this should work well! Maybe don't use a 404 though. I would explain why the user doesn't have access so they can request it if needed.
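
The claim check described in the question, combined with the answer's suggestion to explain a denial, as an added example that is not part of the original post or answer. The claim name `apps` and the helper names are assumptions; the check only decides what the React app renders, since the token signature is not verified in the browser.

```javascript
// Added example: route gate for a React app reading a permissions claim.
// ASSUMPTION: the custom policy emits a claim named "apps" (hypothetical name)
// holding the apps the user may open, as an array or a space-separated string.
const APPS_CLAIM = "apps";

// Decode the JWT payload (base64url JSON). This does NOT verify the signature:
// the result is only good for choosing what to render. The API behind each app
// must validate signature, issuer, audience and expiry before serving data.
function decodePayload(token) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
    const claims = JSON.parse(new TextDecoder().decode(bytes));
    return claims && typeof claims === "object" ? claims : null;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Returns { allowed, reason } so the UI can explain a denial instead of a 404.
function checkAppAccess(token, appId, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = decodePayload(token);
  if (!claims) return { allowed: false, reason: "invalid_token" };
  if (typeof claims.exp !== "number" || claims.exp <= nowSec)
    return { allowed: false, reason: "expired" }; // caller should renew silently
  const raw = claims[APPS_CLAIM];
  const apps = Array.isArray(raw) ? raw : typeof raw === "string" ? raw.split(/\s+/) : [];
  return apps.includes(appId)
    ? { allowed: true, reason: "ok" }
    : { allowed: false, reason: "not_permitted" };
}

// Constructed sample token (placeholder signature), for demonstration only.
function makeSampleToken(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed`;
}

const sample = makeSampleToken({ sub: "user-1", exp: 2000000000, apps: ["app1"] });
console.log(checkAppAccess(sample, "app1", 1700000000)); // { allowed: true, reason: 'ok' }
console.log(checkAppAccess(sample, "app2", 1700000000)); // { allowed: false, reason: 'not_permitted' }
```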