Hi Okta community,
Does Okta implement the “incremental authorization” feature? We want to implement the least privilege principle and allow clients to request only the scopes they need. During the user session, if other scopes are required, we will request more scopes by “exchanging” a valid token with a new one (adding the requested scopes to the existing one).
Here is a draft from the IETF: draft-ietf-oauth-incremental-authz-04