
@RickyLin
Created March 23, 2021 03:01
Token validation in a project that uses Identity Server 3 is not compatible with tokens created by Identity Server 4. So I have to tweak token creation in the project using Identity Server 4 for the client and scopes that will access the project using Identity Server 3.
/*
Register these 2 services in the Startup class of the Identity Server 4 project.
services.AddTransient<ITokenService, TokenService>()
.AddTransient<ITokenCreationService, TokenCreationService>();
*/
using IdentityServer4.Configuration;
using IdentityServer4.Models;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Threading.Tasks;
namespace MyDemo.Services
{
    /// <summary>
    /// Token creation service that rewrites the JWT <c>typ</c> header for one
    /// client/scope combination, so that access tokens issued by this
    /// IdentityServer4 host are accepted by a project that still validates
    /// tokens with IdentityServer 3.
    /// </summary>
    /// <remarks>
    /// Security note: a distinct access-token <c>typ</c> lets a resource server tell
    /// access tokens apart from other JWTs signed by the same issuer. Forcing the
    /// header back to plain "JWT" gives up that check for the affected tokens, so
    /// the condition below should stay as narrow as possible (one client, one scope)
    /// and be removed once the IdentityServer 3 consumer is retired.
    /// The same client/scope condition is repeated in
    /// <c>TokenService.CreateAccessTokenAsync</c>; keep the two in sync.
    /// </remarks>
    public class TokenCreationService : DefaultTokenCreationService
    {
        /// <summary>Passes all dependencies straight through to the default implementation.</summary>
        public TokenCreationService(ISystemClock clock, IKeyMaterialService keys, IdentityServerOptions options, ILogger<DefaultTokenCreationService> logger)
            : base(clock, keys, options, logger)
        {
        }

        /// <summary>
        /// Builds the JWT header via the base class and, for access tokens issued to
        /// client "demo" that carry the "mc" scope, overwrites <c>typ</c> with "JWT".
        /// </summary>
        /// <param name="token">The token whose header is being created.</param>
        /// <returns>The header from the base class, with <c>typ</c> replaced when the condition matches.</returns>
        protected override async Task<JwtHeader> CreateHeaderAsync(Token token)
        {
            JwtHeader jwtHeader = await base.CreateHeaderAsync(token);

            // Only access tokens for the legacy-facing client are candidates.
            bool isLegacyClientAccessToken = token.Type == "access_token" && token.ClientId == "demo";
            if (!isLegacyClientAccessToken || token.Scopes == null)
            {
                return jwtHeader;
            }

            // NOTE(review): the scope name is matched case-insensitively, while OAuth scope
            // values are case-sensitive; a differently-cased scope would also match here.
            // Confirm no such scope is defined, or switch to an exact comparison.
            foreach (string scope in token.Scopes)
            {
                if (scope.Equals("mc", StringComparison.OrdinalIgnoreCase))
                {
                    jwtHeader["typ"] = "JWT";
                    break;
                }
            }

            return jwtHeader;
        }
    }
}
using IdentityServer4.Configuration;
using IdentityServer4.Models;
using IdentityServer4.Services;
using IdentityServer4.Stores;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using System;
using System.Linq;
using System.Threading.Tasks;
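namespace MyDemo.Services
{
    /// <summary>
    /// Token service that adds an extra audience to access tokens for one
    /// client/scope combination, so that tokens issued by this IdentityServer4
    /// host pass validation in a project that still uses IdentityServer 3.
    /// </summary>
    /// <remarks>
    /// Security note: every audience added here widens the set of resource servers
    /// that will accept the token. Keep the condition limited to the client and scope
    /// that really need the legacy audience. The same client/scope condition is
    /// repeated in <c>TokenCreationService.CreateHeaderAsync</c>; keep the two in sync.
    /// </remarks>
    public class TokenService : DefaultTokenService
    {
        /// <summary>Passes all dependencies straight through to the default implementation.</summary>
        public TokenService(IClaimsService claimsProvider, IReferenceTokenStore referenceTokenStore, ITokenCreationService creationService, IHttpContextAccessor contextAccessor, ISystemClock clock
            , IKeyMaterialService keyMaterialService, IdentityServerOptions options, ILogger<DefaultTokenService> logger)
            : base(claimsProvider, referenceTokenStore, creationService, contextAccessor, clock, keyMaterialService, options, logger)
        {
        }

        /// <summary>
        /// Creates the access token via the base class and, for client "demo" with the
        /// "mc" scope, adds the audience <c>{issuer}/resources</c>.
        /// </summary>
        /// <param name="request">The token creation request, forwarded unchanged to the base class.</param>
        /// <returns>The token from the base class, with the extra audience when the condition matches.</returns>
        public override async Task<Token> CreateAccessTokenAsync(TokenCreationRequest request)
        {
            Token token = await base.CreateAccessTokenAsync(request);

            // NOTE(review): the scope name is matched case-insensitively, while OAuth scope
            // values are case-sensitive; a differently-cased scope would also match here.
            // Confirm no such scope is defined, or switch to an exact comparison.
            bool needsLegacyAudience = token.ClientId == "demo"
                && token.Scopes != null
                && token.Scopes.Any(s => s.Equals("mc", StringComparison.OrdinalIgnoreCase));

            // Without an issuer the audience would collapse to the bare string "resources",
            // which identifies no particular issuer; skip it so the legacy API rejects the
            // token instead of being handed a meaningless audience.
            if (needsLegacyAudience && !string.IsNullOrEmpty(token.Issuer))
            {
                // presumably the audience form the IdentityServer 3 side validates against — confirm
                token.Audiences.Add($"{EnsureTrailingSlash(token.Issuer)}resources");
            }

            return token;
        }

        /// <summary>
        /// Returns <paramref name="url"/> with exactly one "/" appended when it does not
        /// already end with one; a null input is returned unchanged.
        /// </summary>
        private static string EnsureTrailingSlash(string url)
        {
            // Ordinal comparison: this is a URL, not linguistic text, so the check must not
            // depend on the current culture.
            if (url != null && !url.EndsWith("/", StringComparison.Ordinal))
            {
                return url + "/";
            }

            return url;
        }
    }
}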