Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

REST API OAuth Scopes response headers

Jan Šťastný January 13, 2023


when invoking REST API using App Password on, the response headers' property x-oauth-scopes does not contain write-related scopes like repository:write or snippet:write, just the read-related headers repository, snippet

EDITED: this was caused by cache in browser and etag header being used. Thus the problem here is generally having access to the x-oauth-scopes header when in CORS mode. See my comment below.

I actually have generated App Password having selected all the available scopes, but the listed values in response headers do not show.

Why is it so and is there a way how to list all the scopes? I need to reflect the capabilities in the app I am writing.

1 answer

0 votes
Jan Šťastný January 13, 2023

Looks like cors related issue:

It seems that the response header

access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Type, ETag, Last-Modified

should mention `X-OAuth-Scopes` which it does not, as far as I can tell.

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events