github-mcp-server/script/get-token-scopes at 29f6acdbace952841eef42a8dfb975308ec70011 · github/github-mcp-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/bin/bash
#
# Fetch OAuth scopes granted to a personal access token.
#
# Usage:
#   script/get-token-scopes --token=...
#
# Requires a token to be provided explicitly via --token.

set -euo pipefail

HOST="https://api.github.com"
TOKEN=""

usage() {
  cat <<'EOF'
Usage:
  script/get-token-scopes --token=...

Options:
  --token=TOKEN   Personal access token (required)
  -h, --help      Show this help message
EOF
}

for arg in "$@"; do
  case "$arg" in
    --token=*)
      TOKEN="${arg#*=}"
      ;;
    -h|--help)
      usage
      exit 0
      ;;
    *)
      echo "Unknown argument: $arg" >&2
      usage
      exit 1
      ;;
  esac
done

if [[ -z "${TOKEN}" ]]; then
  echo "--token is required." >&2
  exit 1
fi

API="${HOST%/}/user"

headers=$(curl -fsSL -D - -o /dev/null -H "Authorization: Bearer ${TOKEN}" "${API}" || true)

if [[ -z "$headers" ]]; then
  echo "Failed to fetch headers from ${API}. Check connectivity and host URL." >&2
  exit 1
fi

status=$(printf "%s\n" "$headers" | head -n1)
if ! printf "%s" "$status" | grep -q " 200 "; then
  echo "Request failed (${status}). Check that the token is valid for ${HOST}." >&2
  exit 1
fi

scopes=$(printf "%s\n" "$headers" | grep -i '^x-oauth-scopes:' | cut -d':' -f2- | sed 's/^[[:space:]]*//' | tr -d '\r')

if [[ -z "$scopes" ]]; then
  echo "No X-OAuth-Scopes header returned. The token may be invalid or lacks scopes." >&2
  exit 1
fi

echo "Scopes for token:"
printf '%s\n' "$scopes" | tr ',' '\n' | sed 's/^[[:space:]]*//' | sed '/^$/d'