Claude Code
auth
GitHub Token Missing Required Scopes
When Claude Code attempts to access a GitHub repository, it receives 403 Forbidden errors despite having a valid GitHub token. The token was generated with limited scopes and lacks permissions needed for repository operations.
This manifests when the user's OAuth flow doesn't request all necessary scopes, or when GitHub's scope requirements change but the CLI isn't updated.
Error Messages You Might See
API Error: 403 Forbidden
Insufficient permissions to access repository
GET https://api.github.com/repos/owner/repo returned 403
Common Causes
- OAuth scopes missing 'repo' or 'repo:read' permission during token generation
- Missing 'workflow' scope needed to read GitHub Actions
- OAuth flow hardcoded to minimal scopes instead of asking user for authorization
- Token generated with 'public_repo' only, but accessing private repository
- Admin repository access required but not requested during OAuth
How to Fix It
Request scopes: ['repo', 'user', 'gist', 'workflow', 'admin:repo_hook'] during OAuth flow. Display to user which scopes are being requested and why. Provide a 're-authorize' command to upgrade existing tokens. Store scope metadata with tokens to validate permissions before operations.
Real developers can help you.
Dor Yaloz
SW engineer with 6+ years of experience,
I worked with React/Node/Python
did projects with React+Capacitor.js for ios
Supabase expert
Omar Faruk
As a Product Engineer at Klasio, I contributed to end-to-end product development, focusing on scalability, performance, and user experience.
My work spanned building and refining core features, developing dynamic website templates, integrating secure and reliable payment gateways, and optimizing the overall system architecture.
I played a key role in creating a scalable and maintainable platform to support educators and learners globally.
I'm enthusiastic about embracing new challenges and making meaningful contributions.
Alvin Voo
I’ve watched the tech landscape evolve over the last decade—from the structured days of Java Server Pages to the current "wild west" of Agentic-driven development. While AI can "vibe" a frontend into existence, I specialize in the architecture that keeps it from collapsing.
My expertise lies in the critical backend infrastructure: the parts that must be fast, secure, and scalable. I thrive on high-pressure environments, such as when I had only three weeks to architect and launch an Ethereum redemption system with minimal prior crypto knowledge, turning it into a major revenue stream.
What I bring to your project:
Forensic Debugging: I don't just "patch" bugs; I use tools like Datadog and Explain Analyzers to map out bottlenecks and resolve root causes—like significantly reducing memory usage by optimizing complex DB joins.
Full-Stack Context: Deep experience in Node.js and React, ensuring backends play perfectly with mobile and web teams.
Sanity in the Age of AI: I bridge the gap between "best practices" and modern speed, ensuring your project isn't just built fast, but built to last.
Luca Liberati
I work on monoliths and microservices, backends and frontends, manage K8s clusters and love to design apps architecture
Rudra Bhikadiya
I build and fix web apps across Next.js, Node.js, and DBs.
Comfortable jumping into messy code, broken APIs, and mysterious bugs.
If your project works in theory but not in reality, I help close that gap.
MFox
Full-stack professional senior engineer (15+years). Extensive experience in software development, qa, and IP networking.
Jaime Orts-Caroff
I'm a Senior Android developer, open to work in various fields
rayush33
JavaScript (React.js, React Native, Node.js) Developer with demonstrated industry experience of 4+ years, actively looking for opportunities to hone my skills as well as help small-scale business owners with solutions to technical problems
Stanislav Prigodich
15+ years building iOS and web apps at startups and enterprise companies. I want to use that experience to help builders ship real products - when something breaks, I'm here to fix it.
Milan Surelia
Milan Surelia is a Mobile App Developer with 5+ years of experience crafting scalable, cross-platform apps at 7Span and Meticha. At 7Span, he engineers feature-rich Flutter apps with smooth performance and modern UI. As the Co-Founder of Meticha, he builds open-source tools and developer-focused products that solve real-world problems.
Expertise:
💡 Developing cross-platform apps using Flutter, Dart, and Jetpack Compose for Android, iOS, and Web.
🖋️ Sharing insights through technical writing, blogging, and open-source contributions.
🤝 Collaborating closely with designers, PMs, and developers to build seamless mobile experiences.
Notable Achievements:
🎯 Revamped the Vepaar app into Vepaar Store & CRM with a 2x performance boost and smoother UX.
🚀 Launched Compose101 — a Jetpack Compose starter kit to speed up Android development.
🌟 Open source contributions on Github & StackOverflow for Flutter & Dart
🎖️ Worked on improving app performance and user experience with smart solutions.
Milan is always happy to connect, work on new ideas, and explore the latest in technology.
You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.
Get HelpFrequently Asked Questions
What are the minimum GitHub scopes needed?
At minimum: repo (full repository access), user (user profile), and workflow (GitHub Actions). Add admin:repo_hook if managing webhooks.
Can scopes be changed without re-authenticating?
No. Users must re-authorize via the OAuth flow to grant additional scopes. Provide a clear CLI command to trigger re-authorization.
How should scope changes be handled in updates?
Detect when your scopes change. Prompt users to re-authorize on next CLI run, explaining what new permissions are needed and why.