From beb2f86a521271110342194e317c1fc5a4b23e6d Mon Sep 17 00:00:00 2001
From: Drew DeVault
Date: Thu, 14 May 2020 13:17:26 -0400
Subject: [PATCH] API: permit more kinds of "*" OAuth scopes
---
 api/auth/auth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/auth/auth.go b/api/auth/auth.go
index 43cd6f2..48cdde3 100644
--- a/api/auth/auth.go
+++ b/api/auth/auth.go
@@ -238,7 +238,7 @@ Expected 'Authorization: Bearer '`, http.StatusForbidden)
 return
 }
- if scopes != "*" {
+ if scopes != "*" && scopes != "*:read" && scopes != "*:write" {
 authError(w, "Presently, OAuth authentication to the GraphQL API is only supported for OAuth tokens with all permissions, namely '*'.", http.StatusForbidden)
 return
 }
--
2.38.4
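Review bot: The widened condition lets a `*:read` token through the same gate as `*`, and nothing in the hunk records which access mode was granted. Unless code after this check (outside the hunk) carries the mode into the auth context and mutations enforce it, a read-only token could be accepted for writes, so that path is worth confirming or covering with a test. The `authError` message also still says only `'*'` is supported; it should name the accepted forms, for example `namely '*', '*:read' or '*:write'`. A one-line comment above the `if` stating why only these three exact strings are accepted would help the next reader keep the check fail-closed. The enclosing function begins and ends outside the hunk.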