# Scopes

Scopes
- Introduction to Scope
- Github
Wechat mobile web page

This article introduces the meaning of several common social login authorization scope parameters.

# Introduction to Scope

Many social logins are based on the OAuth 2.0 protocol, where the meaning of Scope is: the permission required to request the user to grant. For example, when we want the user to grant us his Github repository read and write permissions, when we initiate an authorized login, we must add the repo field to the scope parameter.

In Authing console (opens new window) > Connect Identity Source-Social Login, select a social login tab, and check to initiate authorization Request the user to grant permissions when logging in:

# Github

Scope parameter	Description
`(no scope)`	Grantread-only access to的public information（including public user profile information, public warehouse information and gist）
`repo`	Grant full access to private and public repositories. This includes read/write access for code, submission status, warehouse and organization projects, invitations, collaborators, adding team members, deployment status, and Webhook read/ for public and private warehouses and organization warehouses Write access rights. It also grants the ability to manage user projects.
`repo:status`	Grant read/write access to public and private repository submission status. This scope is only necessary when granting other users or services access to the private warehouse submission status, and no need to grant access to the code.
`repo_deployment`	Grant access to the deployment status of public and private repositories. This scope is only needed when granting other users or services access to the deployment state, and not granting access to the code.
`public_repo`	Limited to access to public repo. This includes read/write access to code, submission status, warehouse projects, collaborators, and deployment status of public warehouses and organizations. This scope is also required for starring public warehouses.
`repo:invite`	Grant Accept/Reject Invitation the ability to collaborate on the warehouse. This scope is only needed when granting other users or service invitation permissions, but not granting access to the code.
`admin:repo_hook`	授予对公开和私有仓库中的仓库 hook 的读取，写入，ping 和删除访问权限。 repo 和 public_repo 授权范围会授予对仓库的完全访问权限，包括仓库 hook。使用 admin:repo_hook 授权范围将授权限制为仓库 hook。
`write:repo_hook`	Grant access to read, write and ping access to hooks in public or private repositories.
`read:repo_hook`	Grant read and ping access rights to hooks in public or private repositories.
`admin:org`	All permissions to manage the organization and its teams, projects and members.
`write:org`	Read and write access to organization members, organization projects, and team member identities.
`read:org`	Read-only access to organization members, organization projects, and team membership.
`admin:public_key`	Permission to manage all public keys
`write:public_key`	Permission to create and view public key list and details
`read:public_key`	Permission to view public key list and details
`admin:org_hook`	Grant read, write, ping and delete access permissions to organization hook. Note: OAuth tokens can only perform operations on organizational hooks created by OAuth applications. Personal access tokens can only perform these operations on organizational hooks created by users themselves.
`gist`	Grant write permission to gist
`notifications`	Grant: * Read permissions for user notifications * Mark threads as read permissions * Watch and unwatch permissions on the warehouse * Read/write and delete thread subscription permissions
`user`	Grant read and write permissions to user data. Note that this scope includes `user:email` and `user:follow`.
`read:user`	Grant access to user data
`user:email`	Grant read permission to user's email address
`user:follow`	Grant permission to user unfollow other users
`delete_repo`	Grant Delete User Manageable Repo permission
`write:discussion`	Grant Read/Write Team Discussion permissions
`read:discussion`	Grant read-only permission for team discussion
`write:packages`	Grant access to upload or publish packages in GitHub Packages. For more information, see "Publishing Packages" in GitHub Help Document (opens new window).
`read:packages`	Grant access to download or install packages from GitHub Packages. For more information, see "Installing Packages" in GitHub Help Document (opens new window).
`delete:packages`	Grant access to delete packages from GitHub Packages. For more information, see "Deleting Packages" in GitHub Help Document (opens new window).
`admin:gpg_key`	Manage all permissions of GPG key
`write:gpg_key`	Create new, view GPG key list and detailed permissions
`read:gpg_key`	View the GPG key list and detailed permissions
`workflow`	Grant the ability to add and update GitHub Actions workflow files. If the same file (with the same path and content) exists on another branch in the same warehouse, you can submit the workflow file without this scope.

# Wechat mobile web page

Scope name	Description
`snsapi_base`	Grant the ability to exchange code for access_token, refresh_token and authorized scope
`snsapi_userinfo`	Access to user personal information
`snsapi_login`	Only for PC-side scan code login

Snsapi_base belongs to the basic interface. If the application already has other scope permissions, it will have snsapi_base permissions by default. Using snsapi_base allows mobile web page authorization to bypass the action of requesting user authorization from the authorization login page, and directly jump to the third-party web page with authorization temporary ticket (code), but it will make the user authorized scope (scope) only snsapi_base , Resulting in the inability to obtain data and basic functions that require user authorization.

Using snsapi_base will skip the user's confirmation click, and then use code in exchange for access_token, and access_token can also exchange for user information.

# Sina Weibo

Scope parameter	Description
all	Request all the following scope permissions
email	User's contact email, interface document (opens new window)
direct_messages_write	Private message sending interface, interface document (opens new window)
direct_messages_read	Private message read interface, interface document (opens new window)
invitation_write	Invitation sending interface, interface document (opens new window)
friendships_groups_read	Friends group reading interface group, [interface document](http://open.weibo.com/wiki/API%E6%96%87%E6%A1%A3_V2#.E5.A5.BD.E5. 8F.8B.E5.88.86.E7.BB.84)
friendships_groups_write	Friends group write interface group, [interface document](http://open.weibo.com/wiki/API%E6%96%87%E6%A1%A3_V2#.E5.A5.BD.E5. 8F.8B.E5.88.86.E7.BB.84)
statuses_to_me_read	Directional Weibo reading interface group, [interface document](http://open.weibo.com/wiki/API%E6%96%87%E6%A1%A3_V2#.E5.BE.AE.E5 .8D.9A)
follow_app_official_microblog	Follow the official microblog of the application. This parameter does not correspond to a specific interface. Just fill in the official account in the application console. Fill in the path: My application-choose your own application-application information-basic information-official operating account (the default value is the application developer account)

# QQ

Scope parameter	Description
get_user_info	Get the nickname, avatar, and gender of the logged-in user, interface document (opens new window)
list_photo	Get the list of photos in the user's QQ space album, interface document (opens new window)
add_album	Create a new personal album in the user’s space album, interface document (opens new window)
upload_pic	Upload a photo to the QQ space album, interface document (opens new window)
list_album	Get the user's QQ space album list, interface document (opens new window)
get_vip_rich_info	Get advanced information of QQ members, interface document (opens new window)
get_vip_info	Get the basic information of QQ members, interface document (opens new window)

# Next you may need:

Refresh the three-party tokens such as Github and WeChat:

Authing - Node/JavaScript

← Login with Baidu account Configure Custom Social Connections →