Scopes for application tokens

[aunger]

Allow authentication tokens to be limited in scope. Maybe something like GitHub:

https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

[randomchance]

This would be pretty nice to have, especially for build authorizations.

[mpfaff]

Are there any plans for this? I don't feel comfortable at all with giving every app full access to my Gitea account.

[mcansky]

what can we do to help for this ?

[lunny]

Send a PR. :)

[Jean-Baptiste-Lasselle]

Send a PR. :)

All scopes support in one PR? you made me sincerely laugh ^^ , nevertheless, it would really be awesome to have the concept of Oauth Apps onto gitea,making it it a real social platform

[Coding-Kiwi]

If I understand correctly, if I currently authorize an app it can use that oauth access_token to make a request to /users/{username}/tokens to generate an unlimited, non-expiring access token which then renders the whole oauth expiry/refresh logic useless.

EDIT: nope, the /users/{username}/tokens requires basic auth. Scopes would be awesome nontheless