Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copilot Lvl 3
Message 1 of 2

API for determining Personal Access Token scopes?

Solved! Go to Solution.

Is there a way to retrieve the current scopes for a Personal Access Token (PAT)?

 

Use Case:

As an organization owner, I want to know the scopes currently granted to a PAT for a member of my organization that has been leaked.

 

Thanks,

--Hal

1 Reply
Solution
Copilot Lvl 3
Message 2 of 2

Re: API for determining Personal Access Token scopes?

Got the answer from Ivan support:

 

If it hadn't been revoked, you could have figured our which scopes it has by making any API call with that token (https://developer.github.com/v3/#authentication) and then looking at the X-OAuth-Scopes response header. That header tells you which scopes the token has.

 

I've spent so much time staring at JSON that I forgot about the HTTP headers. /o\

Thanks, Ivan!