You’re only able to grant OAuth app permissions to your own account or groups you own, which makes it difficult to create tools where I may not want to share API keys (or may not be able to).
I think it would be reasonable if the group owner was able to determine which scopes can be granted based on their role in the group. This will make it easier to create tooling that scales with large teams, have multiple projects sharing similar tools/codebases.
Some use cases:
- Creating and sharing a tool that publishes assets to a group without needing an API key (OAuth PKCE flow can be used)
- Reduce friction of having to create and share API keys manually with team members in a group.
- Access to a specific user can be turned off without needing to reset the entire API key for everyone.