Validating server side client php security
* - If the user has granted access, make the API request.* - If the user has not granted access, initiate the sign-in flow.
We recommend that your application request access to authorization scopes in context whenever possible.
A space-delimited list of scopes that identify the resources that your application could access on the user's behalf.