<html lang="en">

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<meta http-equiv="Content-Language" content="en-us" />

<meta http-equiv="imagetoolbar" content="false" />

<meta name="MSSmartTagsPreventParsing" content="true" />

<title>OAuth changes coming</title>

<link rel="alternate" type="application/atom+xml" title="API Changes" href="/changes.atom" />

<link href="/css/reset.css" rel="stylesheet" type="text/css" />

<link href="/css/960.css" rel="stylesheet" type="text/css" />

<link href="/css/uv_active4d.css" rel="stylesheet" type="text/css" />

<link href="/shared/css/documentation.css" media="screen" rel="stylesheet" type="text/css">

<link href="/shared/css/pygments.css" media="screen" rel="stylesheet" type="text/css">

<script src="/shared/js/jquery.js" type="text/javascript"></script>

<script src="/shared/js/documentation.js" type="text/javascript"></script>

<body class="api">

<div id="header-wrapper">

<div id="header">

<div>

<a class="logo" href="/"><img src="/images/logo_developer.png" height="45" alt="GitHub:Developer" /></a>

<ul class="nav">

<li class="api-status"></li>

<li><a href="/v3/">API v3</a></li>

<li><a href="/changes/">Changes</a></li>

<li><a

href="https://github.com/contact">Support</a></li>

<li><a href="/changes.atom">

<img src="/images/feed-icon-28x28.png" width="16" height="16" alt="GitHub API Changes Feed" />

</a></li>

</ul>

</div>

</div><!-- #header -->

</div><!-- #header-wrapper -->

<div id="wrapper">

<div class="content">

<div class="change" id="/changes/2013-10-04-oauth-changes-coming/">

<h2 class="title">

<a href="/changes/2013-10-04-oauth-changes-coming/">OAuth changes coming</a>

<div class="meta">

<ul>

<li class="published">

<span class="octicon octicon-calendar"></span>

October 4, 2013

</li>

<li class="who_when">

<img height="16" width="16" src="https://secure.gravatar.com/avatar/2f4861b27dc35663ed271d39f5358261?s=20&d=https://a248.e.akamai.net/assets.github.com%2Fimages%2Fgravatars%2Fgravatar-user-420.png" />

<a href="https://github.com/tclem">tclem</a>

</li>

<p>Starting today, we are returning granted scopes as part of the

<a href="/v3/oauth/#github-redirects-back-to-your-site">access_token response</a>.

For example, if you are making a POST with the <code>application/json</code>

mime-type you’ll see an additional field for the granted scopes.</p>

<pre class="highlight">

<code class="language-javascript"><span class="p">{</span>

<span class="s2">"access_token"</span><span class="o">:</span><span class="s2">"e72e16c7e42f292c6912e7710c838347ae178b4a"</span><span class="p">,</span>

<span class="s2">"scope"</span><span class="o">:</span><span class="s2">"repo,gist"</span><span class="p">,</span>

<span class="s2">"token_type"</span><span class="o">:</span><span class="s2">"bearer"</span>

<span class="p">}</span></code>

<p>Right now, these scopes will be identical to what you requested, but we

are moving towards a feature set that will allow GitHub users to edit

their scopes, effectively granting your application less access than you

originally requested. You should be aware of this possibility and adjust

your application behavior accordingly.</p>

<p>Some things to watch out for and keep in mind:</p>

<p>Most third party applications using GitHub OAuth to identify users have

the best success in adoption by starting out with a request for the

minimum access that the application can possibly get away with.

Something like no scopes or just <code>user:email</code> is very sane.</p>

</li>

<li>

<p>It is important to handle the error cases where a users chooses to

grant you less access than you originally requested. Now that we are

surfacing the granted scopes on the access_token response, applications

can warn or otherwise communicate with their users that they will see

reduced functionality or be unable to perform some actions.</p>

</li>

<li>

<p>Applications can always send users back through the flow again to get

additional permission, but don’t forget that users can always say no.</p>

</li>

</div>

<div id="js-sidebar" class="sidebar-shell">

<div class="js-toggle-list sidebar-module expandable">

<ul>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/v3/">Overview</a></h3>

<ul class="js-guides">

<li><a href="/v3/libraries/">Libraries</a></li>

<li><a href="/v3/media/">Media Types</a></li>

<li><a href="/v3/oauth/">OAuth</a></li>

<li><a href="/v3/auth/">Other Authentication Methods</a></li>

<li><a href="/v3/troubleshooting/">Troubleshooting</a></li>

</ul>

</li>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/guides/">Guides</a></h3>

<ul class="js-guides">

<li><a href="/guides/getting-started/">Getting Started</a></li>

<li><a href="/guides/basics-of-authentication/">Basics of Authentication</a></li>

<li><a href="/guides/rendering-data-as-graphs/">Rendering Data as Graphs</a></li>

<li><a href="/guides/working-with-comments/">Working with Comments</a></li>

</ul>

</li>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/v3/activity/">Activity</a></h3>

<ul class="js-guides">

<li><a href="/v3/activity/events/">Events</a></li>

<li><a href="/v3/activity/events/types/">Event Types</a></li>

<li><a href="/v3/activity/feeds/">Feeds</a></li>

<li><a href="/v3/activity/notifications/">Notifications</a></li>

<li><a href="/v3/activity/starring/">Starring</a></li>

<li><a href="/v3/activity/watching/">Watching</a></li>

</ul>

</li>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/v3/gists/">Gists</a></h3>

<ul class="js-guides">

<li><a href="/v3/gists/comments/">Comments</a></li>

</ul>

</li>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/v3/git/">Git Data</a></h3>

<ul class="js-guides">

<li><a href="/v3/git/blobs/">Blobs</a></li>

<li><a href="/v3/git/commits/">Commits</a></li>

<li><a href="/v3/git/refs/">References</a></li>

<li><a href="/v3/git/tags/">Tags</a></li>

<li><a href="/v3/git/trees/">Trees</a></li>

</ul>

</li>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/v3/issues/">Issues</a></h3>

<ul class="js-guides">

<li><a href="/v3/issues/assignees/">Assignees</a></li>

<li><a href="/v3/issues/comments/">Comments</a></li>

<li><a href="/v3/issues/events/">Events</a></li>

<li><a href="/v3/issues/labels/">Labels</a></li>

<li><a href="/v3/issues/milestones/">Milestones</a></li>

</ul>

</li>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/v3/misc/">Miscellaneous</a></h3>

<ul class="js-guides">

<li><a href="/v3/emojis/">Emojis</a></li>

<li><a href="/v3/gitignore/">Gitignore</a></li>

<li><a href="/v3/markdown/">Markdown</a></li>

<li><a href="/v3/meta/">Meta</a></li>

<li><a href="/v3/rate_limit/">Rate Limit</a></li>

</ul>

</li>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/v3/orgs/">Orgs</a></h3>

<ul class="js-guides">

<li><a href="/v3/orgs/members/">Members</a></li>

<li><a href="/v3/orgs/teams/">Teams</a></li>

</ul>

</li>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/v3/pulls/">Pull Requests</a></h3>

<ul class="js-guides">

<li><a href="/v3/pulls/comments/">Review Comments</a></li>

</ul>

</li>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/v3/repos/">Repositories</a></h3>

<ul class="js-guides">

<li><a href="/v3/repos/collaborators/">Collaborators</a></li>

<li><a href="/v3/repos/comments/">Comments</a></li>

<li><a href="/v3/repos/commits/">Commits</a></li>

<li><a href="/v3/repos/contents/">Contents</a></li>

<li><a href="/v3/repos/downloads/">Downloads</a></li>

<li><a href="/v3/repos/forks/">Forks</a></li>

<li><a href="/v3/repos/keys/">Keys</a></li>

<li><a href="/v3/repos/hooks/">Hooks</a></li>

<li><a href="/v3/repos/merging/">Merging</a></li>

<li><a href="/v3/repos/releases/">Releases</a></li>

<li><a href="/v3/repos/statistics/">Statistics</a></li>

<li><a href="/v3/repos/statuses/">Statuses</a></li>

</ul>

</li>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/v3/search/">Search</a></h3>

<ul class="js-guides">

<li><a href="/v3/search/#search-repositories">Repositories</a></li>

<li><a href="/v3/search/#search-code">Code</a></li>

<li><a href="/v3/search/#search-issues">Issues</a></li>

<li><a href="/v3/search/#search-users">Users</a></li>

<li><a href="/v3/search/legacy/">Legacy Search</a></li>

</ul>

</li>

<li class="js-topic">

<h3><a href="#" class="js-expand-btn collapsed">&nbsp;</a><a href="/v3/users/">Users</a></h3>

<ul class="js-guides">

<li><a href="/v3/users/emails/">Emails</a></li>

<li><a href="/v3/users/followers/">Followers</a></li>

<li><a href="/v3/users/keys/">Keys</a></li>

</ul>

</li>

</ul>

</div> <!-- /sidebar-module -->

<div class="sidebar-module">

<p>This website is a <a href="https://github.com/github/developer.github.com" target="_blank">public GitHub repository</a>. Please help us by forking the project and adding to it.</p>

</div>

</div><!-- /sidebar-shell -->

</div><!-- #wrapper -->

<div id="footer" >

<div class="upper_footer">

<div class="footer_inner clearfix">

<ul class="footer_nav">

<h4>GitHub</h4>

<li><a href="https://github.com/about">About</a></li>

<li><a href="https://github.com/blog">Blog</a></li>

<li><a href="https://github.com/features">Features</a></li>

<li><a href="https://github.com/contact">Contact &amp; Support</a></li>

<li><a href="https://github.com/training">Training</a></li>

<li><a href="http://status.github.com/">Site Status</a></li>

</ul>

<ul class="footer_nav">

<h4>Tools</h4>

<li><a href="http://mac.github.com/">GitHub for Mac</a></li>

<li><a href="http://mobile.github.com/">Issues for iPhone</a></li>

<li><a href="https://gist.github.com">Gist: Code Snippets</a></li>

<li><a href="http://enterprise.github.com/">GitHub Enterprise</a></li>

<li><a href="http://jobs.github.com/">Job Board</a></li>

</ul>

<ul class="footer_nav">

<h4>Extras</h4>

<li><a href="http://shop.github.com/">GitHub Shop</a></li>

<li><a href="http://octodex.github.com/">The Octodex</a></li>

</ul>

<ul class="footer_nav">

<h4>Documentation</h4>

<li><a href="http://help.github.com/">GitHub Help</a></li>

<li><a href="http://developer.github.com/">Developer API</a></li>

<li><a href="http://github.github.com/github-flavored-markdown/">GitHub Flavored Markdown</a></li>

<li><a href="http://pages.github.com/">GitHub Pages</a></li>

</ul>

</div><!-- /.site -->

</div><!-- /.upper_footer -->

<div class="lower_footer">

<ul class="footer-cell">

<li><a href="http://help.github.com/terms-of-service/">Terms of Service</a></li>

<li><a href="http://help.github.com/privacy-policy/">Privacy</a></li>

<li><a href="http://help.github.com/security/">Security</a></li>

</ul>

<span class="footer-cell">

<a href="https://github.com" class="mega-icon mega-icon-invertocat"></a>

</span>

<span class="footer-cell">

Design &copy; <span class="js-year">2013</span> GitHub, Inc. All rights reserved.

<p>

Except where otherwise noted, content on this site is licensed under a

<a href="http://creativecommons.org/licenses/by/3.0/us/">Creative Commons CC-BY license</a>.

</p>

</span>

</div>

</div><!-- /#footer -->

<script type="text/javascript">

var _gauges = _gauges || [];

(function() {

var t = document.createElement('script');

t.type = 'text/javascript';

t.async = true;

t.id = 'gauges-tracker';

t.setAttribute('data-site-id', '4f2038e0cb25bc1b55000003');

t.src = '//secure.gaug.es/track.js';

var s = document.getElementsByTagName('script')[0];

s.parentNode.insertBefore(t, s);

})();

</script>