mirror of
https://codeberg.org/forgejo/docs.git
synced 2024-11-24 18:09:26 -05:00
docs: user: authentication: move token scope out of the oauth2 section
# Conflicts: # user/token-scope.md
This commit is contained in:
parent
5528363904
commit
38474aaa62
3 changed files with 48 additions and 39 deletions
|
@ -30,11 +30,12 @@ involved in running it on their machines.
|
|||
- [Issue and Pull Request Templates](issue-pull-request-templates)
|
||||
- [Actions](actions)
|
||||
- [Merge Message templates](merge-message-templates)
|
||||
- [Generating an Access Token](https://docs.codeberg.org/advanced/access-token/)
|
||||
- [Webhooks](webhooks)
|
||||
- Authentication
|
||||
- [Generating an Access Token](https://docs.codeberg.org/advanced/access-token/)
|
||||
- [Access Token scope](token-scope)
|
||||
- [LDAP, PAM, FreeIPA](authentication)
|
||||
- [OAuth2, Scoped Tokens, Client Types](oauth2-provider)
|
||||
- [OAuth2, Client Types](oauth2-provider)
|
||||
- [Semantic version](semver)
|
||||
- [API Usage](api-usage)
|
||||
- [API Reference](https://codeberg.org/api/swagger)
|
||||
|
|
|
@ -28,43 +28,7 @@ To use the Authorization Code Grant as a third party application it is required
|
|||
|
||||
## Scoped Tokens
|
||||
|
||||
Forgejo supports scoped access tokens, which allow users to restrict tokens to operate only on selected url routes. Scopes are grouped by high-level API routes, and further refined to the following:
|
||||
|
||||
- `read`: `GET` routes
|
||||
- `write`: `POST`, `PUT`, `PATCH`, and `DELETE` routes (in addition to `GET`)
|
||||
|
||||
Forgejo token scopes are as follows:
|
||||
|
||||
| Name | Description |
|
||||
| ----------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| **(no scope)** | Not supported. A scope is required even for public repositories. |
|
||||
| **activitypub** | `activitypub` API routes: ActivityPub related operations. |
|
||||
| **read:activitypub** | Grants read access for ActivityPub operations. |
|
||||
| **write:activitypub** | Grants read/write/delete access for ActivityPub operations. |
|
||||
| **admin** | `/admin/*` API routes: Site-wide administrative operations (hidden for non-admin accounts). |
|
||||
| **read:admin** | Grants read access for admin operations, such as getting cron jobs or registered user emails. |
|
||||
| **write:admin** | Grants read/write/delete access for admin operations, such as running cron jobs or updating user accounts. |
|
||||
| **issue** | `issues/*`, `labels/*`, `milestones/*` API routes: Issue-related operations. |
|
||||
| **read:issue** | Grants read access for issues operations, such as getting issue comments, issue attachments, and milestones. |
|
||||
| **write:issue** | Grants read/write/delete access for issues operations, such as posting or editing an issue comment or attachment, and updating milestones. |
|
||||
| **misc** | miscellaneous and settings top-level API routes. |
|
||||
| **read:misc** | Grants read access to miscellaneous operations, such as getting label and gitignore templates. |
|
||||
| **write:misc** | Grants read/write/delete access to miscellaneous operations, such as markup utility operations. |
|
||||
| **notification** | `notification/*` API routes: user notification operations. |
|
||||
| **read:notification** | Grants read access to user notifications, such as which notifications users are subscribed to and read new notifications. |
|
||||
| **write:notification** | Grants read/write/delete access to user notifications, such as marking notifications as read. |
|
||||
| **organization** | `orgs/*` and `teams/*` API routes: Organization and team management operations. |
|
||||
| **read:organization** | Grants read access to org and team status, such as listing all orgs a user has visibility to, teams, and team members. |
|
||||
| **write:organization** | Grants read/write/delete access to org and team status, such as creating and updating teams and updating org settings. |
|
||||
| **package** | `/packages/*` API routes: Packages operations |
|
||||
| **read:package** | Grants read access to package operations, such as reading and downloading available packages. |
|
||||
| **write:package** | Grants read/write/delete access to package operations. Currently the same as `read:package`. |
|
||||
| **repository** | `/repos/*` API routes except `/repos/issues/*`: Repository file, pull-request, and release operations. |
|
||||
| **read:repository** | Grants read access to repository operations, such as getting repository files, releases, collaborators. |
|
||||
| **write:repository** | Grants read/write/delete access to repository operations, such as getting updating repository files, creating pull requests, updating collaborators. |
|
||||
| **user** | `/user/*` and `/users/*` API routes: User-related operations. |
|
||||
| **read:user** | Grants read access to user operations, such as getting user repo subscriptions and user settings. |
|
||||
| **write:user** | Grants read/write/delete access to user operations, such as updating user repo subscriptions, followed users, and user settings. |
|
||||
See the [Access Token scope](../token-scope) section for more information.
|
||||
|
||||
## Client types
|
||||
|
||||
|
|
44
user/token-scope.md
Normal file
44
user/token-scope.md
Normal file
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
layout: '~/layouts/Markdown.astro'
|
||||
title: 'Access Token scope'
|
||||
license: 'Apache-2.0'
|
||||
origin_url: 'https://github.com/go-gitea/gitea/blob/62ac3251fa545d32bdfc9ff824106b97ec63edbb/docs/content/doc/development/oauth2-provider.en-us.md'
|
||||
---
|
||||
|
||||
Forgejo supports scoped access tokens, which allow users to restrict tokens to operate only on selected url routes. Scopes are grouped by high-level API routes, and further refined to the following:
|
||||
|
||||
- `read`: `GET` routes
|
||||
- `write`: `POST`, `PUT`, `PATCH`, and `DELETE` routes (in addition to `GET`)
|
||||
|
||||
Forgejo token scopes are as follows:
|
||||
|
||||
| Name | Description |
|
||||
| ----------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| **(no scope)** | Not supported. A scope is required even for public repositories. |
|
||||
| **activitypub** | `activitypub` API routes: ActivityPub related operations. |
|
||||
| **read:activitypub** | Grants read access for ActivityPub operations. |
|
||||
| **write:activitypub** | Grants read/write/delete access for ActivityPub operations. |
|
||||
| **admin** | `/admin/*` API routes: Site-wide administrative operations (hidden for non-admin accounts). |
|
||||
| **read:admin** | Grants read access for admin operations, such as getting cron jobs or registered user emails. |
|
||||
| **write:admin** | Grants read/write/delete access for admin operations, such as running cron jobs or updating user accounts. |
|
||||
| **issue** | `issues/*`, `labels/*`, `milestones/*` API routes: Issue-related operations. |
|
||||
| **read:issue** | Grants read access for issues operations, such as getting issue comments, issue attachments, and milestones. |
|
||||
| **write:issue** | Grants read/write/delete access for issues operations, such as posting or editing an issue comment or attachment, and updating milestones. |
|
||||
| **misc** | miscellaneous and settings top-level API routes. |
|
||||
| **read:misc** | Grants read access to miscellaneous operations, such as getting label and gitignore templates. |
|
||||
| **write:misc** | Grants read/write/delete access to miscellaneous operations, such as markup utility operations. |
|
||||
| **notification** | `notification/*` API routes: user notification operations. |
|
||||
| **read:notification** | Grants read access to user notifications, such as which notifications users are subscribed to and read new notifications. |
|
||||
| **write:notification** | Grants read/write/delete access to user notifications, such as marking notifications as read. |
|
||||
| **organization** | `orgs/*` and `teams/*` API routes: Organization and team management operations. |
|
||||
| **read:organization** | Grants read access to org and team status, such as listing all orgs a user has visibility to, teams, and team members. |
|
||||
| **write:organization** | Grants read/write/delete access to org and team status, such as creating and updating teams and updating org settings. |
|
||||
| **package** | `/packages/*` API routes: Packages operations |
|
||||
| **read:package** | Grants read access to package operations, such as reading and downloading available packages. |
|
||||
| **write:package** | Grants read/write/delete access to package operations. Currently the same as `read:package`. |
|
||||
| **repository** | `/repos/*` API routes except `/repos/issues/*`: Repository file, pull-request, and release operations. |
|
||||
| **read:repository** | Grants read access to repository operations, such as getting repository files, releases, collaborators. |
|
||||
| **write:repository** | Grants read/write/delete access to repository operations, such as getting updating repository files, creating pull requests, updating collaborators. |
|
||||
| **user** | `/user/*` and `/users/*` API routes: User-related operations. |
|
||||
| **read:user** | Grants read access to user operations, such as getting user repo subscriptions and user settings. |
|
||||
| **write:user** | Grants read/write/delete access to user operations, such as updating user repo subscriptions, followed users, and user settings. |
|
Loading…
Reference in a new issue