As a Canvas administrator, there are times when I'd like to issue an authorization token that is scoped as though I were an instructor. This would be useful for testing purposes, but also for cases where I am actually teaching a course, and I want to give a 3rd party access only to the data they would get if I were an instructor for that course. Is there a way to do that?
In general, I find that the security issues around tokens, particularly admin tokens, are a bit scary. At the same time, I'm totally thrilled by the apps I can build by taking advantage of the API. I'd love to be able to share these more broadly, but even asking people for tokens, especially admin tokens, makes me anxious. Are there plans to implement authorization scoping?