I have a requirement where I am getting one token from the Authorization Server (Auth0), which is used to authenticate both the API and the device.
If my device gets compromised, then with the token the attacker can invoke the API.
Is there any way I can restrict the token to only access the device or only access the API?
I want Auth0 to issue a token specific to the API and a token specific to the device.
Is there any feature that can help here?