Validate token authentication has the required API scopes
Problem to Solve
Currently the VS Code extension supports a user adding a personal access token for authentication. A personal access token with ANY scope(s) can be added. In some cases users may choose scopes that aren't compatible with the extension or don't provide all of the functionality. This creates a situation where it appears things are setup, but only later is it possible to figure out why.
Proposal
We should implement a check after the authentication is added to confirm the PAT has the required scopes of api
and read_user
.