Project access tokens do not require a scope, leading to all options checked if none are checked.


Issue

If you create a project access token but ignore the Scope selection, the response is that all options are selected. Presumably the response should be that no options are activated, yielding an account that is read-only.


Concerns

  • Should there be a warning that no scopes selected would yield a read only access token?
  • Should the form throw a validation error stating that scopes cannot be blank?

Proposal

  1. Update documentation
  2. Update setting helper text:
     • Select scopes
       • Scopes set the permission levels granted to the token. [Learn more](.../help/user/project/settings/project_access_tokens). By default, access tokens are granted read-only access to the project. You can also add the following additional permissions:

Final proposal: #343464 (comment 869010774)

CC: @cynthia @hsutor

Edited by 🤖 GitLab Bot 🤖
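
The following is an added example, not part of the original issue and not GitLab's code: it contrasts the reported behaviour (an empty scope selection falling back to every scope) with the validation raised under Concerns (reject a blank selection). The scope names, `ScopeError`, and all function names are assumptions chosen for illustration.

```ruby
# Added illustration; not GitLab's implementation.
# Scope names are assumed sample values for this sketch.
AVAILABLE_SCOPES = %w[api read_api read_repository write_repository].freeze

class ScopeError < StandardError; end

# Form input for "nothing selected" can arrive as nil, [], or [""]
# (a hidden checkbox placeholder), so normalise all of them to [].
def normalize_scopes(raw)
  Array(raw).map { |s| s.to_s.strip }.reject(&:empty?).uniq
end

# Behaviour reported in the issue: an empty selection silently
# becomes the full scope list (fail-open default).
def resolve_scopes_fail_open(raw)
  selected = normalize_scopes(raw)
  selected.empty? ? AVAILABLE_SCOPES.dup : selected
end

# Validation option from "Concerns": a blank selection is an error,
# and so is any scope name the server does not recognise.
def resolve_scopes_strict(raw)
  selected = normalize_scopes(raw)
  raise ScopeError, "Scopes can't be blank" if selected.empty?

  unknown = selected - AVAILABLE_SCOPES
  raise ScopeError, "Unknown scopes: #{unknown.join(', ')}" unless unknown.empty?

  selected
end

# Helper for the demo: return the granted scopes or the error message.
def try_strict(raw)
  resolve_scopes_strict(raw)
rescue ScopeError => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  [nil, [], [""], ["read_api"], ["read_api", "admin"]].each do |input|
    puts "#{input.inspect}: fail_open=#{resolve_scopes_fail_open(input).inspect} " \
         "strict=#{try_strict(input).inspect}"
  end
end
```
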