Authorization for native applications using PKCE

Hi, I have created a command line utility which uses the PKCE flow to obtain an access token. Now I noticed that the native application can request access to any API and request any scope.

How can I limit access to APIs and scopes for native applications?



The following (from @john.gateley) might be useful. CLI with PKCE, uses a rule to control CLI access:


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.