Hi, I have created a command line utility which uses the PKCE flow to obtain an access token. Now I noticed that the native application can request access to any API and request any scope.
How can I limit access to APIs and scopes for native applications?