# define allowed scoped ( https://developer.okta.com/docs/guides/implement-oauth-for-okta/define-allowed-scopes/)
    # to list the avilable scopes use:
    curl -X POST \
    -H 'Accept: application/json' \
    -H "Authorization: SSWS ${api_token}" \
    -H 'Content-Type: application/json' \
    -d '{
          "scopeId": "okta.users.read",
          "issuer": "https://{yourOktaDomain}"
    }' "https://${yourOktaDomain}/api/v1/apps/client_id/grants"