Hi,
I'm generating MusicKit JWT tokens on my backend side and using it on the client side to query the Apple Music API. One concern I have is accidentally over issuing the scope of this JWT, resulting in accidental access more services than intended like DeviceCheck or APNS.
Other than using separate keys for MusicKit and other services, is there a way to limit the generated JWT to only the Apple Music API (https://api.music.apple.com/v1/*) using the JWT payload scope?