Comment 4 for bug 316733

I'm not sure if I entirely understand this whole OAuth and access-level system, and I'm also no security expert. But in my opinion this is a typical use case for the "write-private-data" access level, so a user would only be able to see/change his own tokens. Similar to the Web UI, where you can also only manage your own tokens.

In case I'm missing something, your last suggestion sounds perfect to me.