core:*:* scope


Hi everyone,

I had a quick question.

One of our partners who handles our student advising for one of our programs has requested access to OAuth2.0. They gave us the scope and API calls they were requesting access to. The dropbox/assignment APIs don't have their own scope as most of the tools do, so they're just included in core:*:*.

Is there anything that provides write access under core:*:*? That is our primary concern. We have no issue providing them read access to any of the student data they're advising or anything else they would see if they used one of their logins, but don't want to grant them write access.

The API documentation provides a list of all of the scopes and the API calls they include except the core:*:* scope.

Thank you!