@@ -74,6 +74,28 @@ header:
7474 <access_token>e72e16c7e42f292c6912e7710c838347ae178b4a</access_token>
7575</OAuth>
7676
77+
78+ ####Requested scopes vs. granted scopes
79+
80+ The` scope ` attribute lists scopes attached to the token that were granted by
81+ the user. Normally, these scopes will be identical to what you requested.
82+ However, users[ will soon be able to edit their scopes] [ oauth changes blog ] , effectively
83+ granting your application less access than you originally requested. Also, users
84+ will also be able to edit token scopes after the OAuth flow completed.
85+ You should be aware of this possibility and adjust your application's behavior
86+ accordingly.
87+
88+ It is important to handle error cases where a user chooses to grant you
89+ less access than you originally requested. For example, applications can warn
90+ or otherwise communicate with their users that they will see reduced
91+ functionality or be unable to perform some actions.
92+
93+ Also, applications can always send users back through the flow again to get
94+ additional permission, but don’t forget that users can always say no.
95+
96+ Check out the[ Basics of Authentication guide] [ basics auth guide ] which
97+ provides tips on handling modifiable token scopes.
98+
7799###3. Use the access token to access the API
78100
79101The access token allows you to make requests to the API on a behalf of a user.
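Review bot: the guidance in the new paragraph ("You should be aware of this possibility and adjust your application's behavior accordingly") is too vague to act on; since the same hunk says users can also edit scopes after the OAuth flow has completed, the text should say concretely that an application should (a) compare the `scope` attribute returned with the token against the scopes it requested, rather than assuming they match, and (b) not rely on the scopes recorded at authorization time alone, but handle permission failures on individual API calls as they happen. The heading `####Requested scopes vs. granted scopes` also needs a space after the hashes to render reliably as a heading, and "Also, users will also be able to edit token scopes" repeats "also"; suggest "Users will also be able to edit token scopes after the OAuth flow has completed."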
@@ -331,3 +353,5 @@ links that might be of help:
331353* [ Ruby Warden strategy] ( https://github.com/atmos/warden-github )
332354
333355[ app-listing ] :https://github.com/settings/applications
356+ [ oauth changes blog ] :/changes/2013-10-04-oauth-changes-coming/
357+ [ basics auth guide ] :/guides/basics-of-authentication/
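Review bot: the two new reference definitions use site-relative paths (`/changes/2013-10-04-oauth-changes-coming/`, `/guides/basics-of-authentication/`) while the existing `[app-listing]` definition directly above uses an absolute URL; pick one convention, and note that the relative form only resolves when the page is rendered on the docs site itself (it breaks when the Markdown is viewed in the repository). Both labels are referenced in the first hunk, so nothing dangles, but the labels contain spaces (`oauth changes blog`), which some Markdown renderers do not match against the `[text] [label]` usages above; a hyphenated label such as `oauth-changes-blog`, matching the style of `app-listing`, would be safer.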