In the middle of setting up a Matrix / Salesforce API integration. It looks like the Oauth token asset needs public view permissions in order to talk to Salesforce and pull back and store the relevant tokens etc.
Bit concerned about the Oauth asset url being publicly available though. Any advice? Is it as big an issue as I’m making it out to be?