I'm requesting authorization codes using the Google API and specify https://www.googleapis.com/auth/drive.file as the required scope since I'm going to store files on the users drives.
However, when I'm authenticating it says my application requests permission for two scopes, both
View and manage Google Drive files and folders that you have opened or created with this app
and
View metadata for files in your Google Drive
I can verify that I indeed have access to list all files on the drive.
Is the drive.metadata automatically included/required for the scope i'm requesting?
I wish to ask for as few permissions as possible.
https://www.googleapis.com/auth/drive View and manage the files in your Google Drive
https://www.googleapis.com/auth/drive.appdata View and manage its own configuration data in your Google Drive
https://www.googleapis.com/auth/drive.file View and manage Google Drive files and folders that you have opened or created with this app
https://www.googleapis.com/auth/drive.metadata View and manage metadata of files in your Google Drive
https://www.googleapis.com/auth/drive.metadata.readonly View metadata for files in your Google Drive
https://www.googleapis.com/auth/drive.photos.readonly View the photos, videos and albums in your Google Photos
https://www.googleapis.com/auth/drive.readonly View the files in your Google Drive
https://www.googleapis.com/auth/drive.scripts Modify your Google Apps Script scripts' behavior
You cant view metadata on a file you dont have access to see. Yes you need to be able to see them. Google is smart they know if you want to want to see the metadata your going to have to also need the ability to see the file in question. So yes you are going to need to be able to list it.