Is there a way to retrieve the current scopes for a Personal Access Token (PAT)?
As an organization owner, I want to know the scopes currently granted to a PAT for a member of my organization that has been leaked.
Solved! Solved! Go to Solution.
Got the answer from Ivan support:
If it hadn't been revoked, you could have figured our which scopes it has by making any API call with that token (https://developer.github.com/v3/#authentication) and then looking at the X-OAuth-Scopes response header. That header tells you which scopes the token has.
I've spent so much time staring at JSON that I forgot about the HTTP headers. /o\