Customizing scopes in the OAuth app authorization flow
As you may know, the Dropbox API authorization system uses "scopes" for granular control over what functionality an app can access. This allows app developers to select what API functionality their apps can use, so that users can feel more comfortable granting apps access to their accounts. This can help give users peace of mind that the apps will only be able to perform the operations that the apps actually need. It may not be obvious though that you can further customize exactly which scopes your app requests and when. Let's look at the options for configuring and customizing scopes in more detail.
First, it's important to note that the scopes you enable on the Permissions tab of the app's page on the App Console define the maximum, as well as the default, set of scopes that the app can request. For example, let's look at a user-linked app. By default, it has the account_info.read scope, which is required to be registered for user-linked apps. We'll also enable files.content.read and files.metadata.read scopes for this example.
A screenshot showing the app’s scopes configuration.
When we send a user to the app authorization page, by default, they'll be prompted to authorize the app with all of those scopes:
https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&response_type=code
A screenshot of the app authorization page defaulting to the scopes registered to the app.
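As an added example (not code from the original post or from Dropbox), here is a small Python helper that builds the authorization URL from the pieces above: with no override it yields exactly the default URL shown, and when the app asks for only a subset of its scopes it first checks that subset against the scopes enabled on the Permissions tab (the maximum) and the required account_info.read. It assumes the authorize endpoint's `scope` query parameter takes a space-separated scope list, and the app key and registered scope set are constructed to match the example app.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://www.dropbox.com/oauth2/authorize"

# Scopes enabled on the app's Permissions tab: the maximum and the default.
# Constructed to match the example app described in the post.
REGISTERED_SCOPES = {"account_info.read", "files.content.read", "files.metadata.read"}

# Required for every user-linked app, so a narrowed request must still include it.
REQUIRED_SCOPES = {"account_info.read"}


def scope_problems(requested, registered=REGISTERED_SCOPES):
    """Return the reasons a narrowed scope set cannot be requested (empty if fine)."""
    requested = set(requested)
    problems = []
    for scope in sorted(requested - registered):
        problems.append(f"{scope} is not enabled on the Permissions tab")
    for scope in sorted(REQUIRED_SCOPES - requested):
        problems.append(f"{scope} is required for user-linked apps")
    return problems


def build_authorize_url(app_key, requested_scopes=None, registered=REGISTERED_SCOPES):
    """Build the authorization URL.

    With requested_scopes=None no scope parameter is sent, so Dropbox prompts for
    every registered scope (the default behaviour shown above). Otherwise the
    subset is validated against the registered maximum before it goes in the URL.
    """
    params = {"client_id": app_key, "response_type": "code"}
    if requested_scopes is not None:
        problems = scope_problems(requested_scopes, registered)
        if problems:
            raise ValueError("; ".join(problems))
        # Assumption: the scope parameter is a space-separated list of scope names.
        params["scope"] = " ".join(sorted(set(requested_scopes)))
    return AUTHORIZE_URL + "?" + urlencode(params)


def scopes_in_url(url):
    """Parse the scope list back out of an authorization URL (None if absent)."""
    query = parse_qs(urlsplit(url).query)
    if "scope" not in query:
        return None
    return query["scope"][0].split(" ")
```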
However, if you don't need all of the scopes that are currently enabled on the app, you can instead...