@@ -196,7 +196,7 @@ Also, the [**Authorizations API**][authorizations api] makes it simple to use Ba
196196to create an OAuth token. Try pasting and running the following command:
197197
198198<pre class =" terminal " >
199- $ curl -i -u< ; your_username> ; -d '{"scopes": ["repo"], "note": "getting-started"}' \
199+ $ curl -i -u< ; your_username> ; -d '{"scopes": ["repo", "user" ], "note": "getting-started"}' \
200200 https://api.github.com/authorizations
201201
202202HTTP/1.1 201 Created
@@ -205,7 +205,8 @@ Content-Length: 384
205205
206206{
207207 "scopes": [
208- "repo"
208+ "repo",
209+ "user"
209210 ],
210211 "token": "5199831f4dd3b79e7c5b7e0ebe75d67aa66e79d4",
211212 "updated_at": "2012-11-14T14:04:24Z",
@@ -230,7 +231,9 @@ Next, let's look at the `scopes` we're sending over in this call. When creating
230231a new token, we include an optional array of[ _ scopes_ ] [ scopes ] , or access
231232levels, that indicate what information this token can access. In this case,
232233we're setting up the token with_ repo_ access, which grants access to read and
233- write to private repositories. See[ the scopes docs] [ scopes ] for a full list of
234+ write to public and private repositories, and_ user_ scope, which grants read
235+ and write access to public and private user profile data. See
236+ [ the scopes docs] [ scopes ] for a full list of
234237scopes. You should** only** request scopes that your application actually needs,
235238in order to not frighten users with potentially invasive actions. The` 201 `
236239status code tells us that the call was successful, and the JSON returned
@@ -243,7 +246,7 @@ in the [X-GitHub-OTP request header][2fa header]:
243246
244247<pre class =" terminal " >
245248$ curl -i -u< ; your_username> ; -H "X-GitHub-OTP:< ; your_2fa_OTP_code> ; " \
246- -d '{"scopes": ["repo"], "note": "getting-started"}' \
249+ -d '{"scopes": ["repo", "user" ], "note": "getting-started"}' \
247250 https://api.github.com/authorizations
248251</pre >
249252
