gh auth refresh
gh auth refresh [flags]
Expand or fix the permission scopes for stored credentials for active account.
The --scopes flag accepts a comma separated list of scopes you want
your gh credentials to have. If no scopes are provided, the command
maintains previously added scopes.
The --remove-scopes flag accepts a comma separated list of scopes you
want to remove from your gh credentials. Scope removal is idempotent.
The minimum set of scopes (repo, read:org, and gist) cannot be removed.
The --reset-scopes flag resets the scopes for your gh credentials to
the default set of scopes for your auth flow.
If you have multiple accounts in gh auth status and want to refresh the credentials for an
inactive account, you will have to use gh auth switch to that account first before using
this command, and then switch back when you are done.
For more information on OAuth scopes, see https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps/.
Options
-h,--hostname <string>- The GitHub host to use for authentication
-
--insecure-storage - Save authentication credentials in plain text instead of credential store
-r,--remove-scopes <strings>- Authentication scopes to remove from gh
-
--reset-scopes - Reset authentication scopes to the default minimum set of scopes
-s,--scopes <strings>- Additional authentication scopes for gh to have
Examples
# Open a browser to add write:org and read:public_key scopes
$ gh auth refresh --scopes write:org,read:public_key
# Open a browser to ensure your authentication credentials have the correct minimum scopes
$ gh auth refresh
# Open a browser to idempotently remove the delete_repo scope
$ gh auth refresh --remove-scopes delete_repo
# Open a browser to re-authenticate with the default minimum scopes
$ gh auth refresh --reset-scopes