Security teams should treat claims and scopes as governed authorization outputs, not as simple IdP mappings. Put one policy owner in charge of how token contents are derived, feed current entitlement and risk context into issuance, and log the decision so audits can explain why access was granted.
Why This Matters for Security Teams
Claims and scopes inside access tokens are not just metadata. They are the effective authorization boundary for every API call, job, and delegated workflow that depends on the token. When teams let an IdP emit claims by default and treat scopes as a mapping exercise, they lose control over who can act, under what conditions, and for how long. The risk is especially visible in token theft and OAuth abuse cases such as the Salesloft OAuth token breach, where the token itself becomes the attacker’s path to legitimate access.
Current guidance suggests treating token contents as governed authorization outputs that should be explainable, auditable, and tied to business intent. That means claims must reflect current entitlement state, session context, and risk signals, not just directory attributes. The same logic applies to the broader secret-sprawl problem described in NHIMG research on the Guide to the Secret Sprawl Challenge, where overexposed credentials often outlive the controls meant to constrain them. In practice, many security teams encounter overbroad token scopes only after a downstream system has already accepted them.
How It Works in Practice
Effective token governance starts with a single policy owner who defines which claims are allowed, how scopes are derived, and which upstream sources are authoritative. That owner should not be the IdP alone. Instead, the token service should evaluate current entitlement data, workload posture, user or agent context, and request purpose before issuing claims. The result is a runtime authorization decision, not a static template.
Teams usually get the best results when they separate three functions:
- identity proofing or workload authentication, which establishes who or what is requesting access
- authorization policy, which decides what claims and scopes can be issued right now
- audit logging, which records the inputs and rationale for the issuance decision
For human users, this often means reducing broad directory groups into narrowly bounded scopes at token minting time. For NHIs, it means binding claims to the workload or service instance, then constraining scope duration and audience. The OWASP Non-Human Identity Top 10 aligns with this approach by emphasizing that NHI credentials and permissions must be actively governed rather than assumed safe because they were machine-issued. NIST’s Cybersecurity Framework 2.0 also reinforces the need for repeatable access governance and monitoring across the identity lifecycle.
In mature environments, claims are minimized by default, scopes are approved through policy-as-code, and exceptions require explicit justification. Security teams should also validate that downstream services check token audience, issuer, expiry, and scope semantics consistently, because a perfectly governed token still fails if the consuming API trusts it too broadly. These controls tend to break down when multiple application owners mint tokens independently because claims drift from enterprise policy and audits lose a single source of truth.
Common Variations and Edge Cases
Tighter token governance often increases issuance friction and operational overhead, requiring organisations to balance security gain against developer speed and service reliability. That tradeoff is real, especially where older applications expect long-lived tokens or broad role-to-scope mappings. Current guidance suggests phasing in stronger governance rather than attempting a sudden redesign of every issuer and consumer.
There is no universal standard for this yet, but a few edge cases come up repeatedly. Shared service accounts may need scoped tokens for batch jobs, yet those scopes should still be time-bound and environment-bound. Multi-tenant platforms often need claims that represent tenant, workspace, or project context, which should be validated at issuance and consumption time. For agentic workflows, token claims must reflect what the agent is allowed to do now, not what it was allowed to do at session start, because autonomous tool chaining can expand impact quickly.
Where governance is weakest is usually in delegation chains, legacy APIs that ignore scope granularity, and systems that accept tokens without checking current entitlement state. The lesson from repeated breach patterns is consistent: if claims can be minted once and reused everywhere, they eventually become standing privilege by another name.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Token claims and scopes must be governed as NHI authorization outputs. |
| NIST CSF 2.0 | PR.AC-4 | Access permissions should be managed as part of token issuance and enforcement. |
| NIST AI RMF | Runtime context and accountability are central to governed token decisions. |
Define who can mint NHI token claims and review issuance against current entitlement and risk.
Related resources from NHI Mgmt Group
- How should security teams govern non-human identities that have persistent access?
- How should security teams govern API keys used for generative AI access?
- How should security teams govern agent-native payments without creating new shadow access paths?
- How should security teams govern access for agents and ephemeral workloads?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
