I have a big issue, I have to restrict the scopes a user has consented to, by making a new subset of the consented scopes in a rule. This is impossible since I don’t know what scopes a user has given consent to!
Any solution to this? I don’t understand why we have access to
accessToken.scope without knowing the scope a user has given consent to.