On The Nature of OAuth2’s Scopes

Ramiro

Scopes only come into play in delegation scenarios, and always limit what an app can do on behalf of a user: a scope cannot allow an application to do more than what the user can do.

Auth0 Principal Architect Vittorio Bertocci on why you shouldn’t use OAuth2 scopes for every authorization scenario.
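The rule stated above, sketched as a resource-server check (an added example, not part of the original post or of Auth0's code): the app's effective permissions are the intersection of what its scopes cover and what the user may do. The scope names, permission names, users and the `DelegatedToken` type are all constructed for illustration.

```python
# Added example: scope names, permissions and users are constructed.
from dataclasses import dataclass

# Hypothetical mapping of each scope to the API permissions it covers.
SCOPE_PERMISSIONS = {
    "read:invoices": {"invoices.read"},
    "write:invoices": {"invoices.create", "invoices.update"},
    "delete:invoices": {"invoices.delete"},
}

# Hypothetical store of what each user may do on their own (e.g. from RBAC).
USER_PERMISSIONS = {
    "alice": {"invoices.read", "invoices.create",
              "invoices.update", "invoices.delete"},
    "bob": {"invoices.read"},
}


@dataclass(frozen=True)
class DelegatedToken:
    sub: str    # user who granted consent to the app
    scope: str  # space-delimited scope string (RFC 6749, section 3.3)


def effective_permissions(token):
    """Permissions the app holds on behalf of token.sub.

    Scopes cap what the app may do; the user's own privileges cap what
    can be delegated at all. The result is the intersection of the two.
    """
    delegated = set()
    for scope in token.scope.split():
        # Unknown scopes grant nothing (fail closed).
        delegated |= SCOPE_PERMISSIONS.get(scope, set())
    user_can = USER_PERMISSIONS.get(token.sub, set())
    return delegated & user_can


def authorize(token, required):
    """True only if both the scopes and the user allow `required`."""
    return required in effective_permissions(token)
```

A token carrying `delete:invoices` for `bob` still cannot delete anything, because `bob` himself cannot; the scope narrows the user's privileges and never widens them.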

