2016-05-31 22:00:59 +00:00
|
|
|
|
|
|
|
=== Limiting Scope
|
|
|
|
|
2016-06-07 19:02:18 +00:00
|
|
|
By default, each new client application has an unlimited scope. This means that every access token that is created
|
2016-05-31 22:00:59 +00:00
|
|
|
for that client will contain all the permissions the user has. If the client gets compromised and the access token
|
|
|
|
is leaked, then each system that the user has permission to access is now also compromised. It is highly suggested
|
2017-08-28 12:50:14 +00:00
|
|
|
that you limit the roles an access token is assigned by using the <<_client_scope, Scope menu>> for each client.
|
2016-05-31 22:00:59 +00:00
|
|
|
|