Hi forks,
Suppose I have two services named A and B, both of them have OAuth2 plugin enabled and set ‘global_credentials’ as true.
As I know, a token issued by service B can access service A (that’s what ‘global_credentials’ do)
But my question is that – suppose the scope of A is ''user_profile", and scope of B is “email, user_profile”.
How should I reject the request to service A with token issued by B and the scope is only ‘email’ ?