# Scopes

This article introduces the meaning of several common social login authorization scope parameters.

# Introduction to Scope

Many social logins are based on the OAuth 2.0 protocol, where the meaning of Scope is: the permission required to request the user to grant. For example, when we want the user to grant us his Github repository read and write permissions, when we initiate an authorized login, we must add the repo field to the scope parameter.

In Authing console (opens new window) > Connect Identity Source-Social Login, select a social login tab, and check to initiate authorization Request the user to grant permissions when logging in:

# Github

Scope parameter Description
(no scope) Grantread-only access to的public information(including public user profile information, public warehouse information and gist)
repo Grant full access to private and public repositories. This includes read/write access for code, submission status, warehouse and organization projects, invitations, collaborators, adding team members, deployment status, and Webhook read/ for public and private warehouses and organization warehouses Write access rights. It also grants the ability to manage user projects.
repo:status Grant read/write access to public and private repository submission status. This scope is only necessary when granting other users or services access to the private warehouse submission status, and no need to grant access to the code.
repo_deployment Grant access to the deployment status of public and private repositories. This scope is only needed when granting other users or services access to the deployment state, and not granting access to the code.
public_repo Limited to access to public repo. This includes read/write access to code, submission status, warehouse projects, collaborators, and deployment status of public warehouses and organizations. This scope is also required for starring public warehouses.
repo:invite Grant Accept/Reject Invitation the ability to collaborate on the warehouse. This scope is only needed when granting other users or service invitation permissions, but not granting access to the code.
admin:repo_hook 授予对公开和私有仓库中的仓库 hook 的读取,写入,ping 和删除访问权限。 repo 和 public_repo 授权范围会授予对仓库的完全访问权限,包括仓库 hook。 使用 admin:repo_hook 授权范围将授权限制为仓库 hook。
write:repo_hook Grant access to read, write and ping access to hooks in public or private repositories.
read:repo_hook Grant read and ping access rights to hooks in public or private repositories.
admin:org All permissions to manage the organization and its teams, projects and members.
write:org Read and write access to organization members, organization projects, and team member identities.
read:org Read-only access to organization members, organization projects, and team membership.
admin:public_key Permission to manage all public keys
write:public_key Permission to create and view public key list and details
read:public_key Permission to view public key list and details
admin:org_hook Grant read, write, ping and delete access permissions to organization hook. Note: OAuth tokens can only perform operations on organizational hooks created by OAuth applications. Personal access tokens can only perform these operations on organizational hooks created by users themselves.
gist Grant write permission to gist
notifications Grant: * Read permissions for user notifications * Mark threads as read permissions * Watch and unwatch permissions on the warehouse * Read/write and delete thread subscription permissions
user Grant read and write permissions to user data. Note that this scope includes user:email and user:follow.
read:user Grant access to user data
user:email Grant read permission to user's email address
user:follow Grant permission to user unfollow other users
delete_repo Grant Delete User Manageable Repo permission
write:discussion Grant Read/Write Team Discussion permissions
read:discussion Grant read-only permission for team discussion
write:packages Grant access to upload or publish packages in GitHub Packages. For more information, see "Publishing Packages" in GitHub Help Document (opens new window).
read:packages Grant access to download or install packages from GitHub Packages. For more information, see "Installing Packages" in GitHub Help Document (opens new window).
delete:packages Grant access to delete packages from GitHub Packages. For more information, see "Deleting Packages" in GitHub Help Document (opens new window).
admin:gpg_key Manage all permissions of GPG key
write:gpg_key Create new, view GPG key list and detailed permissions
read:gpg_key View the GPG key list and detailed permissions
workflow Grant the ability to add and update GitHub Actions workflow files. If the same file (with the same path and content) exists on another branch in the same warehouse, you can submit the workflow file without this scope.

# Wechat mobile web page

Scope name Description
snsapi_base Grant the ability to exchange code for access_token, refresh_token and authorized scope
snsapi_userinfo Access to user personal information
snsapi_login Only for PC-side scan code login

Snsapi_base belongs to the basic interface. If the application already has other scope permissions, it will have snsapi_base permissions by default. Using snsapi_base allows mobile web page authorization to bypass the action of requesting user authorization from the authorization login page, and directly jump to the third-party web page with authorization temporary ticket (code), but it will make the user authorized scope (scope) only snsapi_base , Resulting in the inability to obtain data and basic functions that require user authorization.

Using snsapi_base will skip the user's confirmation click, and then use code in exchange for access_token, and access_token can also exchange for user information.

# Sina Weibo

Scope parameter Description
all Request all the following scope permissions
email User's contact email, interface document (opens new window)
direct_messages_write Private message sending interface, interface document (opens new window)
direct_messages_read Private message read interface, interface document (opens new window)
invitation_write Invitation sending interface, interface document (opens new window)
friendships_groups_read Friends group reading interface group, [interface document](http://open.weibo.com/wiki/API%E6%96%87%E6%A1%A3_V2#.E5.A5.BD.E5. 8F.8B.E5.88.86.E7.BB.84)
friendships_groups_write Friends group write interface group, [interface document](http://open.weibo.com/wiki/API%E6%96%87%E6%A1%A3_V2#.E5.A5.BD.E5. 8F.8B.E5.88.86.E7.BB.84)
statuses_to_me_read Directional Weibo reading interface group, [interface document](http://open.weibo.com/wiki/API%E6%96%87%E6%A1%A3_V2#.E5.BE.AE.E5 .8D.9A)
follow_app_official_microblog Follow the official microblog of the application. This parameter does not correspond to a specific interface. Just fill in the official account in the application console. Fill in the path: My application-choose your own application-application information-basic information-official operating account (the default value is the application developer account)

# QQ

Scope parameter Description
get_user_info Get the nickname, avatar, and gender of the logged-in user, interface document (opens new window)
list_photo Get the list of photos in the user's QQ space album, interface document (opens new window)
add_album Create a new personal album in the user’s space album, interface document (opens new window)
upload_pic Upload a photo to the QQ space album, interface document (opens new window)
list_album Get the user's QQ space album list, interface document (opens new window)
get_vip_rich_info Get advanced information of QQ members, interface document (opens new window)
get_vip_info Get the basic information of QQ members, interface document (opens new window)

# Next you may need:

Refresh the three-party tokens such as Github and WeChat:

Authing - Node/JavaScript