Pre-authorizing a client application to access a user account on a content management system

The invention claimed is: 1. A method comprising: receiving, at a content management system from a first application on a client device, an installation request to install a second application on the client device; determining whether the installation request is associated with an authenticated user account at the content management system; when the installation request is associated with the authenticated user account, tagging an installer of the second application with an identification tag associated with the authenticated user account; transmitting, to the client device, the installer tagged with the identification tag; receiving, from the client device, a pre-authorization request associated with the second application, the pre-authorization request including the identification tag; based on the identification tag in the pre-authorization request, determining that the second application is pre-authorized to access the authenticated user account; and logging the second application into the authenticated user account at least partly in response to determining that the second application is pre-authorized to access the authenticated user account. 2. The method of claim 1 , further comprising: prior to receiving the installation request from the first application, receiving, from the first application running on the client device, login credentials associated with the authenticated user account; based on the login credentials: authenticating a user account associated with the login credentials to yield the authenticated user account; and logging the first application into the content management system via the authenticated user account; prior to sending the installer to the client device, verifying that the first application associated with the installation request is logged in via the authenticated user account; and upon verifying that the first application associated with the installation request is logged in via the authenticated user account, determining that the installation request is associated with the authenticated user account. 3. The method of claim 1 , further comprising: creating an entry in a pre-authorization index, the entry including: the identification tag, a creation time of the identification tag, an account identifier identifying the authenticated user account, and an IP address. 4. The method of claim 3 , wherein the first application comprises a web-browser application and the second application comprises a client-side application, the method further comprising: receiving the preauthorization request indicating installation of the client-side application on the client device prior to an expiration of a predetermined period of time associated with the identification tag; generating an authentication key; in response to the client-side application being installed on the client device, causing the web-browser application to transmit an authorization message comprising the authentication key to the content management system; receiving the authorization message and authentication key; and in response to the authentication key matching a respective authentication key associated with the identification tag, logging the client-side application on the content management system via the authenticated user account. 5. The method of claim 3 , further comprising: identifying a requesting IP address that the pre-authorization request was received from; and determining that the identification tag was received from an authorized IP address when the requesting IP address matches the IP address in the entry in the pre-authorization index. 6. The method of claim 3 , further comprising: determining whether the identification tag has been previously used to pre-authorize the second application, to yield a previous-usage determination; and based on the previous-usage determination, determining that use of the identification tag to pre-authorize the second application does not exceed a previous use restriction, wherein the previous use restriction defines a maximum number of times that the identification tag can be used to pre-authorize the second application. 7. The method of claim 6 , further comprising: upon logging the second application via the authenticated user account on the content management system, flagging the entry in the pre-authorization index to indicate that the identification tag has been used to pre-authorize the second application. 8. A content management system comprising: one or more processors; and at least one memory containing instructions that, when executed by the one or more processors, cause the content management system to: receive, from a first application on a client device, an installation request to install a second application on the client device; determine whether the installation request is associated with an authenticated user account at the content management system; when the installation request is associated with the authenticated user account, tag an installer of the second application with an identification tag associated with the authenticated user account; transmit, to the client device, the installer tagged with the identification tag; receive, from the client device, a pre-authorization request associated with the second application, the pre-authorization request including the identification tag; based on the identification tag in the pre-authorization request, determine that the second application is pre-authorized to access the authenticated user account; and log the second application into the authenticated user account at least partly in response to determining that the second application is pre-authorized to access the authenticated user account. 9. The content management system of claim 8 , the at least one memory containing additional instructions which, when executed by the one or more processors, cause the content management system to: prior to receiving the installation request from the first application, receive, from the first application running on the client device, login credentials associated with the authenticated user account; based on the login credentials: authenticate a user account associated with the login credentials to yield the authenticated user account; and log the first application into the content management system via the authenticated user account; prior to sending the installer to the client device, verify that the first application associated with the installation request is logged in via the authenticated user account; and upon verifying that the first application associated with the installation request is logged in via the authenticated user account, determine that the installation request is associated with the authenticated user account. 10. The content management system of claim 8 , the at least one memory containing additional instructions which, when executed by the one or more processors, further cause the content management system to: create an entry in a pre-authorization index, the entry including: the identification tag, an account identifier identifying the authenticated user account, a creation time for the identification tag, and an IP address. 11. The content management system of claim 10 , wherein the first application comprises a web-browser application and the second application comprises a client-side application, the at least one memory containing additional instructions which, when executed by the one or more processors, further cause the content management system to: receive the preauthorization request indicating installation of the client-side application on the client device prior to an expiration of a predetermi