When we are requesting a bearer token using production credentials. It work with the url for production and development. Is it possible to disable this redirect? So production credentials will only work when using production url and fail when using development url?
Hey @emil.enemaerke ,
Which grant are you using to get the tokens?
And are you referring to using different tenant URLs and still getting tokens with the same credentials?
I’m referring to using different tenant URLs and still getting a valid token with the same credentials.
A client and API is existing in production but not in development. When requesting a bearer token for the client against prod.example.com it works as expected. When requesting a bearer token from dev.example.com we still get a valid bearer token - not expected. In the audit logs from the two tenants I can see that it is production which is handling the request. That is why I’m guessing that there must be some kind of redirect?