Hi,
I’ve got the basic functionality running. Now need to get to some advanced scenarios.
Want to make sure that users cannot access/modify sensitive information. For example, planning to store StripeCustomerId inside app_metadata of each users. This is ok for users to read, but users should not be able to modify app_metadata.
I was thinking to use 2 Applications within the tenant. First application would be used to authenticate end users, and the second application would be used from my backend to modify modify app_metadata.
What would be the best scopes to assign to each application?
Thanks,
Ruben