claude-memory/graph/problems/gitea-api-403-forbidden-insufficient-token-scopes-1052e9.md

id	type	title	tags	importance	confidence	created	updated	relations
1052e91d-58ed-4308-87e8-e01d1143a146	problem	Gitea API 403 Forbidden - insufficient token scopes	gitea api authentication 403 token scopes troubleshooting homelab	0.7	0.8	2026-02-04T05:10:33.498045+00:00	2026-03-02T20:19:31.681317+00:00	target type direction strength 13c13f73-fe1d-4227-a3d1-45498f8d3d3b REQUIRES incoming 0.5 target type direction strength edge_id b27fb831-811e-4103-b5f1-3c36d5b1ad20 RELATED_TO incoming 0.8 d473792e-db72-4c96-a394-e9bd747d841d target type direction strength edge_id deb7a7c2-fcc4-4c14-8140-9c80348c2de2 RELATED_TO incoming 0.75 587784c2-6850-45fd-9f9f-d858c446a843 target type direction strength edge_id 4321bee8-105e-4fc8-b645-964d1234c966 RELATED_TO incoming 0.81 1310e0c2-bd3f-4c63-88d7-f8f12b256f1f target type direction strength edge_id 4321bee8 RELATED_TO incoming 0.7 6f36e590-5589-4eed-9c7b-8e7efd43f9c2 target type direction strength edge_id 45c21973-7fae-4cf7-b247-b40a757d54b0 RELATED_TO incoming 0.77 21f44795-4134-4ebf-b242-0d233ab82a17

PROBLEM: Gitea API returned 403 Forbidden with message 'token does not have at least one of required scope(s): [read:user]'

ROOT CAUSE: API token was created without proper scopes/permissions selected in Gitea web UI.

SOLUTION: When creating Gitea API tokens:

1. Go to Settings > Applications > Generate New Token
2. MUST select appropriate scopes:
   • 'read:user' - required for user info endpoints
   • 'write:repository' or 'repo' - required for branch protection
   • Or select 'repo' (full repository access) which includes both

TESTING: Verify token scopes with: curl -H 'Authorization: token YOUR_TOKEN' https://git.manticorum.com/api/v1/user

ERROR PATTERN: Look for 'does not have at least one of required scope(s)' in 403 responses.

RELATED: For authenticated user's repos, use /api/v1/user/repos instead of /api/v1/users/{username}/repos