I’m trying a password owner grant on two different tenants A, and B.
scope I’m asking for is
However, when I go to
A.auth0.com/oauth/token, and try a Resource owner password grant with credentials and the Client from
B.auth0.com, a token is granted to me
This doesn’t make sense. Shouldn’t I be refused the token on the grounds that I’m accessing a different tenant?