OAuth Scope Not Blocking Access to Other CSM APIs Despite Scope Restriction
6 hours ago
I've configured an OAuth client in ServiceNow and assigned a scope that is limited to the "Contact" API. A standard user with the role "sn_customerservice_agent" generates an access token using this scope. The token is created successfully.
However, using this token, the user can still access the "Case" API, even though that scope is not included.
Is there a way to restrict the API access using scopes?
