Got it, thanks for clarifying how not to use scopes. Honestly I'm still a bit bleary-eyed thinking about auth flows, though I do feel like I'm finally understanding the difference between authentication and authorization, etc (diagrams like
https://docs.flyte.org/en/latest/deployment/configuration/auth_appendix.html#id2 are immensely helpful). Setting up a poc in our ecosystem (aws, okta) will likely help elucidate some of my areas of uncertainty - the authorization request itself, idp setup, and flyte user scope. At least I'll be able to ask more informed questions... I appreciate you responding so promptly on the weekend!