That makes sense, but it doesn't lend well to more customizable tokens. It would be nice if I could control the token's permissions on a pretty granular level. Like "can only read one type of resource", or "can only read a specific resource".