Indeed, but still not wise to generate a “every scope” token
ClientID’s are public information they are in the URL when you send a user to authenticate your apps access to your account.
Yup, thats how you do it keep +'ing, but still:
Site note: analytics:read:game is useless unless you are a registered game developer.