API for determining Personal Access Token scopes?

Is there a way to retrieve the current scopes for a Personal Access Token (PAT)?

Use Case:

As an organization owner, I want to know the scopes currently granted to a PAT for a member of my organization that has been leaked.

Thanks,

–Hal


Got the answer from Ivan support:

If it hadn’t been revoked, you could have figured out which scopes it has by making any API call with that token (https://developer.github.com/v3/#authentication) and then looking at the X-OAuth-Scopes response header. That header tells you which scopes the token has.

I’ve spent so much time staring at JSON that I forgot about the HTTP headers. /o\

Thanks, Ivan!

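The header check described in the answer above, as an added example that is not part of the original thread: it makes one authenticated call with the leaked token, reads `X-OAuth-Scopes`, and separates "token rejected" from "active with these scopes". The endpoint `https://api.github.com/user`, the `token` authorization scheme, the client name and the `BROAD_SCOPES` review list are assumptions chosen for illustration.

```python
import email
import urllib.error
import urllib.request

API_URL = "https://api.github.com/user"  # assumption: any authenticated call returns the header
# Illustrative (not exhaustive) scopes to escalate on during leak triage.
BROAD_SCOPES = {"repo", "admin:org", "delete_repo", "workflow", "admin:repo_hook"}


def parse_scopes(headers):
    """None if X-OAuth-Scopes is absent, [] if present but empty, else the scope list."""
    raw = headers.get("X-OAuth-Scopes")
    if raw is None:
        return None
    return [s.strip() for s in raw.split(",") if s.strip()]


def triage(status, headers):
    """Summarise one API response made with the leaked token."""
    if status == 401:  # the API rejected the token (for example, already revoked)
        return {"active": False, "scopes": None, "broad": []}
    scopes = parse_scopes(headers)
    broad = sorted(BROAD_SCOPES.intersection(scopes or []))
    return {"active": True, "scopes": scopes, "broad": broad}


def check_token(token, url=API_URL):
    """Make one authenticated request and triage the response (needs network)."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"token {token}",
        "User-Agent": "pat-scope-check",  # hypothetical client name
    })
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return triage(resp.status, resp.headers)
    except urllib.error.HTTPError as err:
        return triage(err.code, err.headers)


# Constructed sample response headers, so the parsing runs offline.
SAMPLE = email.message_from_string("X-OAuth-Scopes: repo, read:org, workflow\n\n")

if __name__ == "__main__":
    print(triage(200, SAMPLE))
```

A result with `active` set to `True` means the token still needs revoking; `scopes` of `None` means the response carried no scope header at all, which is different from an empty list.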