Is there any way to generate an OAuth access token which is associated with a server/application as well as with a particular user, so that the issued token cannot be used to operate on another user?
The reason I am asking for a user-level token is that, if I issue an access token (following the OAuth 2.0 Client Credentials grant type) to a server, it just verifies whether the right server is accessing the API. However, it doesn't limit the usage of the token to one particular user. So if the token is compromised, then all data can be accessed irrespective of the logged-in user.
Note: We are using CA API GW 9.0 & OTK 3.2.