Hi Butcher, Daniel, I want to help you with your question.
In the enterprise environment, I would always go the route of additionally securing the Auth Flow with Subscription IDs, unless there are critical or design reasons not to do so.
OAuth 2 is already very robust in terms of security, but with the SubscriptionID I have another layer of protection and also get additional features in terms of monitoring and management, such as tracking API requests from different clients, enforcing rate limits, or simply withdrawing access
If the reply was helpful, please don’t forget to upvote or accept it as an answer, thank you!