Hi, I am building a website to allow users to edit their own content. Normally, I should set up a server for authentication, but I wonder any chance that users can have access to the constrained personal access token which only has two scopes for choices by now. This way, users can talk to content API directly without a proxy server to wrap up the API key. Or maybe, if the personal access token can be verified by JWT, developers only need to issue a constrained token when users login in, and revoke token on login out.
Did you find a solution? I am trying to do the same.