Hello Vladimir,

The problem with "insufficient_scope" is that it refers not to the abstract
scope, but to the concrete "scope" token claim. The "scope" claim might be
fine, but the token might lack the necessary RAR authorization_details. And
yes, there is currently no way for the RS to communicat

   insufficient_scope
         The request requires higher privileges than provided by the
         access token. The resource server SHOULD respond with the HTTP
         403 (Forbidden) status code and MAY include the "scope"
         attribute with the scope necessary to access the protec