By default, a client has "roles" scope as "default" so a user will have all affected clients roles in its tokens. Learn how and why you must restrict roles in tokens by turning off "full scopes allowed" switch.
| See moreAny question? Want more information? Follow us on twitter or you can reach out to us via email.