Caleb Dockter
Caleb Dockter
I'm not really sure I understand the push back here. The `scope` claim in OAuth is intended exactly for the purpose of restricting the APIs the token bearer is permitted...
Any update on this issue?
I read the above response as "we don't want to and we don't care". If there was federated auth support for API access that might help but it is unclear...
I think you missed the point here somewhat; I don't wanted federated "users", I want federated Auth. The issue with the current offering is I still must provision API keys...