Skip to content

v11.4.7

Latest

Choose a tag to compare

@ryanio ryanio released this 15 Jul 22:36

What's Changed

  • OAuth browser and device flows now request Zitadel's role-specific scopes, keeping issued tokens limited to the OpenSea permissions the client requested.
  • Explicit empty scope lists are rejected locally instead of being sent to the authorization server, where they could expand to every role on the account.

Full Changelog: ProjectOpenSea/opensea-devtools@sdk-v11.4.5...sdk-v11.4.7