39 lines
1.4 KiB
Markdown
39 lines
1.4 KiB
Markdown
---
|
|
id: 1052e91d-58ed-4308-87e8-e01d1143a146
|
|
type: problem
|
|
title: "Gitea API 403 Forbidden - insufficient token scopes"
|
|
tags: [gitea, api, authentication, "403", token, scopes, troubleshooting, homelab]
|
|
importance: 0.7
|
|
confidence: 0.8
|
|
created: "2026-02-04T05:10:33.498045+00:00"
|
|
updated: "2026-03-01T06:21:02.691161+00:00"
|
|
relations:
|
|
- target: 13c13f73-fe1d-4227-a3d1-45498f8d3d3b
|
|
type: REQUIRES
|
|
direction: incoming
|
|
strength: 0.5
|
|
- target: b27fb831-811e-4103-b5f1-3c36d5b1ad20
|
|
type: RELATED_TO
|
|
direction: incoming
|
|
strength: 0.8
|
|
edge_id: d473792e-db72-4c96-a394-e9bd747d841d
|
|
---
|
|
|
|
PROBLEM: Gitea API returned 403 Forbidden with message 'token does not have at least one of required scope(s): [read:user]'
|
|
|
|
ROOT CAUSE: API token was created without proper scopes/permissions selected in Gitea web UI.
|
|
|
|
SOLUTION: When creating Gitea API tokens:
|
|
1. Go to Settings > Applications > Generate New Token
|
|
2. MUST select appropriate scopes:
|
|
- 'read:user' - required for user info endpoints
|
|
- 'write:repository' or 'repo' - required for branch protection
|
|
- Or select 'repo' (full repository access) which includes both
|
|
|
|
TESTING: Verify token scopes with:
|
|
curl -H 'Authorization: token YOUR_TOKEN' https://git.manticorum.com/api/v1/user
|
|
|
|
ERROR PATTERN: Look for 'does not have at least one of required scope(s)' in 403 responses.
|
|
|
|
RELATED: For authenticated user's repos, use /api/v1/user/repos instead of /api/v1/users/{username}/repos
|