Claude Code auth

GitHub Token Missing Required Scopes

When Claude Code attempts to access a GitHub repository, it receives 403 Forbidden errors despite having a valid GitHub token. The token was generated with limited scopes and lacks permissions needed for repository operations.

This manifests when the user's OAuth flow doesn't request all necessary scopes, or when GitHub's scope requirements change but the CLI isn't updated.

Error Messages You Might See

API Error: 403 Forbidden Insufficient permissions to access repository GET https://api.github.com/repos/owner/repo returned 403
API Error: 403 ForbiddenInsufficient permissions to access repositoryGET https://api.github.com/repos/owner/repo returned 403

Common Causes

  1. OAuth scopes missing 'repo' or 'repo:read' permission during token generation
  2. Missing 'workflow' scope needed to read GitHub Actions
  3. OAuth flow hardcoded to minimal scopes instead of asking user for authorization
  4. Token generated with 'public_repo' only, but accessing private repository
  5. Admin repository access required but not requested during OAuth

How to Fix It

Request scopes: ['repo', 'user', 'gist', 'workflow', 'admin:repo_hook'] during OAuth flow. Display to user which scopes are being requested and why. Provide a 're-authorize' command to upgrade existing tokens. Store scope metadata with tokens to validate permissions before operations.

Real developers can help you.

Prakash Prajapati Prakash Prajapati I’m a Senior Python Developer specializing in building secure, scalable, and highly available systems. I work primarily with Python, Django, FastAPI, Docker, PostgreSQL, and modern AI tooling such as PydanticAI, focusing on clean architecture, strong design principles, and reliable DevOps practices. I enjoy solving complex engineering problems and designing systems that are maintainable, resilient, and built to scale. Luca Liberati Luca Liberati I work on monoliths and microservices, backends and frontends, manage K8s clusters and love to design apps architecture Costea Adrian Costea Adrian Embedded Engineer specilizing in perception systems. Latest project was a adas camera calibration system. Dor Yaloz Dor Yaloz SW engineer with 6+ years of experience, I worked with React/Node/Python did projects with React+Capacitor.js for ios Supabase expert Meïr Ankri Meïr Ankri Full-stack developer specializing in React / Next.js / Node.js with 6+ years of experience. I've worked across various sectors including automotive (Reezocar/Société Générale), healthcare (Medical Link SaaS), and e-commerce (Glasman). I build web apps end-to-end, from architecture to production, with a focus on scalability, performance, and code quality. I also mentor junior developers and contribute to technical decisions and code reviews. Jared Hasson Jared Hasson Full time lead founding dev at a cyber security saas startup, with 10 yoe and a bachelor's in CS. Building & debugging software products is what I've spent my time on for forever Kingsley Omage Kingsley Omage Fullstack software engineer passionate about AI Agents, blockchain, LLMs. Nam Tran Nam Tran 10 years as fullstack developer Bastien Labelle Bastien Labelle Full stack dev w/ 20+ years of experience Caio Rodrigues Caio Rodrigues I'm a full-stack developer focused on building practical and scalable web applications. My main experience is with **React, TypeScript, and modern frontend architectures**, where I prioritize clean code, component reusability, and maintainable project structures. I have strong experience working with **dynamic forms, state management (Redux / React Hook Form), and complex data-driven interfaces**. I enjoy solving real-world problems by turning ideas into reliable software that companies can actually use in their daily operations. Beyond coding, I care about **software quality and architecture**, following best practices for componentization, code organization, and performance optimization. I'm also comfortable working across the stack when needed, integrating APIs, handling business logic, and helping transform prototypes into production-ready systems. My goal is always to deliver solutions that are **simple, efficient, and genuinely useful for the people using them.**

You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.

Get Help

Frequently Asked Questions

What are the minimum GitHub scopes needed?

At minimum: repo (full repository access), user (user profile), and workflow (GitHub Actions). Add admin:repo_hook if managing webhooks.

Can scopes be changed without re-authenticating?

No. Users must re-authorize via the OAuth flow to grant additional scopes. Provide a clear CLI command to trigger re-authorization.

How should scope changes be handled in updates?

Detect when your scopes change. Prompt users to re-authorize on next CLI run, explaining what new permissions are needed and why.

Related Claude Code Issues

OAuth Token Lost Between Sessions

auth

Authentication Middleware Not Blocking Unauthenticated Requests

auth

Configuration File Not Loaded from Environment

auth

Circular Dependency Breaking Application Startup

auth

Can't fix it yourself?
Real developers can help.

You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.

Get Help