
Commit 977e55c

Only request scopes which are used
1 parent 2c8ec14 commit 977e55c

1 file changed

Lines changed: 8 additions & 10 deletions

content/guides/getting-started.md

@@ -196,8 +196,8 @@ Also, the [**Authorizations API**][authorizations api] makes it simple to use Ba
196196
to create an OAuth token. Try pasting and running the following command:
197197

198198
<pre class="terminal">
199-
$ curl -i -u &lt;your_username&gt; -d '{"scopes": ["repo", "public_repo", "user", "gist"], \
200-
"note": "getting-started"}' https://api.github.com/authorizations
199+
$ curl -i -u &lt;your_username&gt; -d '{"scopes": ["repo", "user"], "note": "getting-started"}' \
200+
https://api.github.com/authorizations
201201

202202
HTTP/1.1 201 Created
203203
Location: https://api.github.com/authorizations/2
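
Review bot: The request on new line 199 still asks for `repo` and `user`, which the prose further down this diff describes as read and write access to private repositories and to private user profile data. Given the commit title, please confirm that the rest of the guide actually exercises write access under both scopes; if it only reads public data, a narrower scope such as the `public_repo` being dropped here would be the better example to teach.
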
@@ -206,9 +206,7 @@ Content-Length: 384
206206
{
207207
"scopes": [
208208
"repo",
209-
"public_repo",
210-
"user",
211-
"gist"
209+
"user"
212210
],
213211
"token": "5199831f4dd3b79e7c5b7e0ebe75d67aa66e79d4",
214212
"updated_at": "2012-11-14T14:04:24Z",
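
Review bot: The `Content-Length: 384` header visible in this hunk's context was presumably captured with the four-scope body; with `public_repo` and `gist` removed at old lines 209-211 the body is shorter, so the value should be recomputed or the response re-captured. While this block is being edited, the 40-character hex value on the `"token"` context line would be safer as an obvious placeholder, so that nobody mistakes it for a usable credential and secret scanners stay quiet.
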
@@ -233,9 +231,9 @@ Next, let's look at the `scopes` we're sending over in this call. When creating
233231
a new token, we include an optional array of [_scopes_][scopes], or access
234232
levels, that indicate what information this token can access. In this case,
235233
we're setting up the token with _repo_ access, which grants access to read and
236-
write to private repositories, _public\_repo_ grants access to read and write to
237-
public repositories, _user_ grants access to read and write to all user data, and
238-
_gist_ grants access to create new gists. See [the scopes docs][scopes] for a full list of
234+
write to public and private repositories, and _user_ scope, which grants read
235+
and write access to public and private user profile data. See
236+
[the scopes docs][scopes] for a full list of
239237
scopes. You should **only** request scopes that your application actually needs,
240238
in order to not frighten users with potentially invasive actions. The `201`
241239
status code tells us that the call was successful, and the JSON returned
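
Review bot: The rewritten sentence at new lines 233-235 says what `repo` and `user` grant but not why this guide needs them, while the next context sentence tells readers to request only the scopes their application actually needs. Add a clause naming the later calls in the guide that depend on each scope. The wording is also not parallel ("_repo_ access, which grants ..." against "_user_ scope, which grants ..."), and new line 236 is left short, so the paragraph could be re-wrapped.
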
@@ -248,8 +246,8 @@ in the [X-GitHub-OTP request header][2fa header]:
248246

249247
<pre class="terminal">
250248
$ curl -i -u &lt;your_username&gt; -H "X-GitHub-OTP: &lt;your_2fa_OTP_code&gt;" \
251-
-d '{"scopes": ["repo", "public_repo", "user", "gist"], \
252-
"note": "getting-started"}' https://api.github.com/authorizations
249+
-d '{"scopes": ["repo", "user"], "note": "getting-started"}' \
250+
https://api.github.com/authorizations
253251
</pre>
254252

255253
If you enabled 2FA with a mobile application, go ahead and get an OTP code from
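
Review bot: The commit message covers only the scope change, but new lines 249-250 (and 199-200 in the first hunk) also move the line-continuation backslash outside the single-quoted `-d` argument. In the old form the backslash and newline sat inside the single quotes, so the shell passed them through literally into the JSON body; that is a behaviour fix for anyone pasting the command and deserves a line in the commit message.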
