403 Forbidden on /version API endpoint using a access_token scoped with read_user,openid,profile,email

403 Forbidden is returned on the /version API endpoint using a access token scoped with read_user,openid,profile,email. Isn't this a bit too strict?

As part of @hfyngvason's work to enable authentication with GitLab where group membership was considered, a new API endpoint was developed for GitLab itself. This was released as part of GitLab 12.4. So, we ended up using the /version endpoint to determine what API is available. But, we don't get access after receiving an access token, unless we request the api scope. That is a lot to request in order to just read the version of the GitLab instance.

Could we make the /version endpoint available to all authenticated users? It actually sais in the documentation here: https://docs.gitlab.com/ee/api/version.html, that the endpoint should Responds 200 OK for authenticated users.. It does return an OK status with version if I use the Web UI and sign in etc, but if i use an access token with the scope ``read_user,openid,profile,email` it doesn't.

Edited by Hordur Freyr Yngvason