sadly they, afaik, do not implement the permission model. So no way to control the token permissions.

(plz correct me if i'm wrong)