Closed mileswwatkins closed 5 years ago
These scopes seem perfectly normal to me--certainly they're what we'd need to do what it is that the template does. We could be more specific with Drive, but we need enough access that I think the API-wide scope is justified.
We recently had an issue where our Google Drive OAuth access was flagged by Google as "high risk." It had to be white-listed in an admin dashboard somewhere. According to Paul Miles:
We should be requesting absolute-minimum scope for what the Google OAuth token is needed for (ie, offline caching of documents). Check that that is true right now!