Hello, I'm using the brightspace API pretty extensively, and I've encountered a number of endpoints with no OAuth Scope listed. Primary related 'dropboxes' (https://docs.valence.desire2learn.com/res/dropbox.html#get--d2l-api-le-(version)-(orgUnitId)-dropbox-folders- for example), but also in other areas (https://docs.valence.desire2learn.com/res/quiz.html#get--d2l-api-le-(version)-(orgUnitId)-quizzes-(quizId)-questions- and https://docs.valence.desire2learn.com/res/releaseconditions.html#get--d2l-api-lp-(version)-(orgUnitId)-conditionalRelease-conditions-(targetType)-(targetId)

I've been using the core:*:* scope to support those, and that works fine, but I have a client who is concerned about this scope, so I've been looking into it more deeply and I'm a little confused by what I'm finding. I found this post

Where someone is saying that you should use dropbox:folders:read or dropbox:folders:write for dropbox endpoints. Is this just misinformation, or are there really endpoints with undocumented scopes?

My understanding was that some endpoints don't have a scope yet, but may get one in the future, and core:*:* is the correct scope to use for them, is that accurate?

Thank you,

Ryker Blunck