we are using machine to machine applications to secure access to an API.
The API has a set of scopes (e.g. scope1, scope2, scope3, … scope30).
I have several hundred m-2-m applications.
It is HUGELY tedious to have to assign scopes per application. It is even more tedious when a new scope is added to the API, and every application has to be revisited to enable the new scope.
In Okta, it is possible to create policies which determines the available scopes, and then attach applications to the policy. You do not need to define the scopes per application.
Is there any way to achieve a similar behaviour with Auth0, akin to groups or policies, so that we don’t have to go through this ridiculous tedium. It seems to obvious!