Hi All, AFAIK, currently OAuth2 token endpoint returns the same access token for different scope. Access tokens are issued per client and resource owner. I guess, it must be per client, resource owner and scope. If we are implementing scope validation and resource owner authorization, i guess, it is better to support this. Can we support this for next release of Identity Server, if this is not yet done.?
Thanks, Asela. -- Thanks & Regards, Asela ATL Mobile : +94 777 625 933
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
