Creating a scoped token

Normally scopes are added to a token in the web flow we looked at in Section 1. In that example, Site #1 would specify what scopes it needs when it sends the user to Site #2 to authorize access. These scopes are presented to the user on the authorize screen on Site #2 so the user can decide whether or not to trust Site #1 with that level of access.

When we're creating tokens via the Authorizations API like we did in Section 2, we can just specify the ones we need in the POST body.


Let's create a token with repo:status scope by passing ["repo:status"] for :scopes in the POST parameters.