Next: , Previous: , Up: Building OAuth Apps   [Index]

1.4.3 Scope of OAuth App

Scopes let you specify exactly what type of access you need.

When setting up an OAuth App on GitHub, requested scopes are displayed to the user on the authorization form.

If your OAuth App doesn’t have access to a browser, such as a CLI tool, then you don’t need to specify a scope for users to authenticate to your app.

Check headers to see what OAuth scopes you have, and what the API action accepts:

$ curl -H "Authorization: token OAUTH-TOKEN" -I
HTTP/1.1 200 OK
X-OAuth-Scopes: repo, user
X-Accepted-OAuth-Scopes: user
$ curl -H "Authorization: token $GITHUB_TOKEN" -I
> X-OAuth-Scopes: admin:gpg_key, admin:org, admin:org_hook, admin:public_key, admin:repo_hook, delete_repo, gist, notifications, repo, user, workflow, write:discussion