Hi Colin,
yes, allowing moodle/webservice:createtoken for authenticated users should be fine and is the same as dangerous than moodle/webservice:createmobiletoken
Hi Colin,
yes, allowing moodle/webservice:createtoken for authenticated users should be fine and is the same as dangerous than moodle/webservice:createmobiletoken