About scopes: Oauth allows you to request different levels of access to a user's account. By default all applications are granted access to the public scope.
This is misleading, however. We default to "public" only if the API client does not request any other scopes, according to the doorkeeper wiki.
Our docs mention:
This is misleading, however. We default to "public" only if the API client does not request any other scopes, according to the doorkeeper wiki.