Quick question about scoping an OAuth client to specific divisions for multi-tenant BPO access. I’m hitting a 403 Forbidden when executing flows via the API using a client granted only division:read and flow:execute scopes for Division ID d-123, despite the flow existing in that division.
- Verified the access token contains the correct
division_idclaim via JWT decode. - Confirmed the client ID has
owneraccess to the target division via GET /api/v2/authorization/clients/{id}.