We need a scope that focuses on only a single user, rather than all users in an application, or all in the system. A token should be able to address and target specific resources.
In the most practical sense, this should probably just be adding external identity provider claims to the introspection endpoint response.
We need a scope that focuses on only a single user, rather than all users in an application, or all in the system. A token should be able to address and target specific resources.
In the most practical sense, this should probably just be adding external identity provider claims to the introspection endpoint response.