Now I wonder whether “retrieving” your own OAuth token from an app to make REST calls that extract your own data from cloud services is legal. It seems to fall under the same guideline, that exceeding authorization is not unauthorized access, so even though it's usually against the terms of service it doesn't violate CFAA?