Forge apps deployed in the development environment always receive all available OAuth 2.0 scopes
Is this is really true? This is new to me. It would mean any declared scopes are irrelevant until you deploy to staging or production and you can only really test scopes in staging or production environments.
I would appreciate it if anyone could help to clarify.
Hi @tbinna, thanks for bringing this up!
This doesn’t look right… an app deployed in the development environment does not get all available OAuth scopes by default. let me chase this one up.
I can confirm from testing that it is not true, as you will get the appropriate permission denial errors without the proper scopes. I was pretty confused by that line in the docs as well.