Feature proposal: ability to prevent admins/groups from using non-trusted OAuth applications
Proposal
It would be a great defense-in-depth feature to have a setting that prevents admin accounts (or even whole groups) from connecting OAuth applications that are not trusted.
Such a feature should block arbitrary OAuth applications that request any scope other than read_user, openid, email and profile, as a measure against OAuth-based phishing: an untrusted application limited to those identity scopes cannot act on repositories or the API on behalf of a privileged account.
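An added example, not GitLab's own code, of how the proposed setting could be modelled as an authorization policy: the class and field names (TrustedAppPolicy, Application, User, restricted_groups) are assumed, and the scope list is the one from the proposal above.

```ruby
# Added example of the proposed policy; names are assumed, not GitLab's.
require 'set'

# Identity-only scopes the proposal treats as low risk (no repo/API access).
LOW_RISK_SCOPES = Set.new(%w[read_user openid email profile]).freeze

Application = Struct.new(:name, :trusted, keyword_init: true)
User = Struct.new(:username, :admin, :groups, keyword_init: true)

# Admins, plus members of the configured groups, may connect an untrusted
# application only if it requests nothing beyond LOW_RISK_SCOPES.
class TrustedAppPolicy
  Decision = Struct.new(:allowed, :reason, keyword_init: true)

  def initialize(restricted_groups: [])
    @restricted_groups = Set.new(restricted_groups)
  end

  # Is this user covered by the setting?
  def restricted?(user)
    user.admin || user.groups.any? { |g| @restricted_groups.include?(g) }
  end

  # Decide whether the authorization grant may proceed. A denial is the
  # place to emit an audit event so attempted phishing grants are visible.
  def authorize(user:, app:, requested_scopes:)
    extra = Set.new(requested_scopes) - LOW_RISK_SCOPES
    return Decision.new(allowed: true, reason: 'application is trusted') if app.trusted
    return Decision.new(allowed: true, reason: 'user not restricted') unless restricted?(user)
    return Decision.new(allowed: true, reason: 'identity scopes only') if extra.empty?

    Decision.new(allowed: false,
                 reason: "untrusted app #{app.name} requests #{extra.to_a.sort.join(', ')}")
  end
end
```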