Technically, there are 2 kinds of ATProto OAuth client: public and confidential. I categorize them into 3, with the added one being a public client that runs locally for development. It means you do not have to expose your application to the internet or set up a domain, which makes development much easier.
[...]
Scopes are one of the big benefits of using OAuth over app passwords in ATProto. With scopes, an application can request access to only certain parts of the user's account rather than the whole thing. This lets users trust your application much more, since it will have only limited access to their ATProto account. When OAuth launched, developers had access to a very limited number of scopes, and it was all or nothing with the scopes atproto transition:generic. This gave you full access to the user's repo, meaning you could create, edit, or delete any record. It would also show the user a pretty scary screen like this on login to your application.
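The three client categories and the all-or-nothing scope described above can be checked mechanically before a client ships. This is an added example, not code from the original post: auditClient, BROAD_SCOPES and the sample metadata are hypothetical, and the rules it applies (token_endpoint_auth_method of none or private_key_jwt, jwks or jwks_uri for confidential clients, the http://localhost client_id form for local development) are assumed from the ATProto OAuth client metadata conventions.

```javascript
// Added example; auditClient and BROAD_SCOPES are hypothetical names.
const BROAD_SCOPES = new Set(["transition:generic"]);

function auditClient(clientId, metadata = null) {
  const url = new URL(clientId);
  const issues = [];
  let kind = "unknown";
  let scope = "";
  if (url.protocol === "http:" && url.hostname === "localhost") {
    // Local development client: nothing is hosted, so the scope rides in
    // the client_id query string (assumed default: "atproto").
    kind = "public-loopback";
    if (url.port) issues.push("loopback client_id must not carry a port");
    scope = url.searchParams.get("scope") ?? "atproto";
  } else {
    if (url.protocol !== "https:") issues.push("client_id must be an https URL");
    if (!metadata) throw new Error("hosted client needs its metadata document");
    if (metadata.client_id !== clientId) issues.push("metadata client_id differs from its URL");
    const auth = metadata.token_endpoint_auth_method;
    if (auth === "private_key_jwt") {
      kind = "confidential";
      if (!metadata.jwks && !metadata.jwks_uri) issues.push("confidential client publishes no keys");
    } else if (auth === "none") {
      kind = "public";
    } else {
      issues.push(`unexpected token_endpoint_auth_method: ${auth}`);
    }
    scope = metadata.scope ?? "";
  }
  const scopes = scope.split(/\s+/).filter(Boolean);
  if (!scopes.includes("atproto")) issues.push('scope lacks "atproto"');
  const broad = scopes.filter((s) => BROAD_SCOPES.has(s));
  if (broad.length) issues.push(`all-or-nothing scope: ${broad.join(" ")}`);
  return { kind, scopes, issues };
}

// Constructed inputs; app.example.com is a placeholder domain.
const hostedId = "https://app.example.com/client-metadata.json";
const hosted = auditClient(hostedId, {
  client_id: hostedId,
  token_endpoint_auth_method: "none",
  scope: "atproto transition:generic",
});
const local = auditClient("http://localhost?scope=atproto");
console.log(hosted.kind, hosted.issues);
console.log(local.kind, local.issues);
```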