2020-10-04 UTC
# Zegnat I guess the only bit that may be a little confusing is that your response is different depending on whether the client is doing the code exchange against the auth or token endpoint. If I have a profile scope and exchange with the auth endpoint I do not expect an access_token back, but when I go with the exact same flow against the token endpoint I do expect one?