
Determine authorization scopes for a given GitHub token

My application uses GitHub's OAuth. Suppose that:

  • in version 1, the app required only basic authorization (scopes = [])
  • in version 2, the app required R/W access to public repos (scope = ['public_repo'])

Some users have not logged in yet since the upgrade.

Now I have some tokens with greater authorization capabilities than others. How do I tell them apart? In other words, how can I ask GitHub: "Hey, I have this OAuth token... what can I do with it?"

Tony Lâmpada asked Oct 17 '12 03:10



1 Answers

You can make any GitHub API request and read the value of the X-OAuth-Scopes header to see which scopes were supplied with the token. Using /rate_limit won't count against your app's rate limit.

curl -I -H 'Authorization: token <token>' https://api.github.com/rate_limit
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Oct 2012 23:48:37 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Status: 200 OK
Content-Length: 61
X-GitHub-Media-Type: github.beta
X-RateLimit-Remaining: 4999
X-RateLimit-Limit: 5000
X-OAuth-Scopes: public_repo
Cache-Control: 
X-Content-Type-Options: nosniff
pengwynn answered Oct 23 '22 13:10

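Applying the answer above to the upgrade scenario in the question, as an added example that is not part of the original answer: it parses `X-OAuth-Scopes` out of captured response headers and reports which required scopes a token lacks, so tokens issued before the upgrade can be flagged for re-authorization. The function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): classify tokens by granted scopes.

# token_scopes: raw HTTP response headers on stdin -> one granted scope per line.
# Header names are case-insensitive and lines may end in CRLF, so handle both.
token_scopes() {
    tr -d '\r' |
    awk 'tolower($0) ~ /^x-oauth-scopes:/ {
             sub(/^[^:]*:[ \t]*/, "")
             n = split($0, s, /[ \t]*,[ \t]*/)
             for (i = 1; i <= n; i++) if (s[i] != "") print s[i]
         }'
}

# has_scope HEADERS SCOPE: succeed only if SCOPE appears as a whole entry.
# Whole-line matching stops "repo" from matching inside "public_repo".
# Exact match only: a broader scope that implies SCOPE is not expanded here.
has_scope() {
    printf '%s\n' "$1" | token_scopes | grep -Fqx -- "$2"
}

# missing_scopes HEADERS SCOPE...: print each required scope the token lacks.
missing_scopes() {
    headers=$1; shift
    for want in "$@"; do
        has_scope "$headers" "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample responses: a version 1 token (no scopes) and a
# version 2 token (public_repo plus one more scope, lowercase header name).
V1_HEADERS='HTTP/1.1 200 OK
X-RateLimit-Limit: 5000
X-OAuth-Scopes: 
X-Content-Type-Options: nosniff'

V2_HEADERS='HTTP/1.1 200 OK
x-oauth-scopes: public_repo, user:email
X-Content-Type-Options: nosniff'

# Live use (needs network; $TOKEN is a placeholder for a stored token):
#   headers=$(curl -sI -H "Authorization: token $TOKEN" https://api.github.com/rate_limit)
#   missing_scopes "$headers" public_repo
echo "v1 token lacks: $(missing_scopes "$V1_HEADERS" public_repo | tr '\n' ' ')"
echo "v2 token lacks: $(missing_scopes "$V2_HEADERS" public_repo | tr '\n' ' ')"
```

A token for which `missing_scopes` prints anything should be sent back through the OAuth flow with the new scope list rather than used for calls that will be rejected.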