Not all OAuth2 tokens are made equal: user vs app tokens explained

Wait 5 sec.

Understanding identity principals