Hi,
from security perspective it would be a huge benefit if personal tokens can be restricted to certain operations (=scopes) or restricted to certain resources (e.g. compass projects) within the platform.
A workaround that is possible today is to use a Developer Console app and distribute the client_id to developers and use oauth2 to login, however this is quite cumbersome compared to developers generating a personal token in the Settings UI.
To my understanding Multipass has this capability internally and it’s also used for example with tokens that are generated for the git cloning or VSCode functionality as they are scope restricted.
It would be great if this power can be exposed within the personal token page in the Settings.
Thanks
Nicolas