Skip to main content

Hi there! We have an integration with pagerduty that uses Classic User oAuth. We currently pass the “read” scope. When I try to pass the “write” scope it doesn’t take it. I can create an app with Classic User oAuth manually in the UI but somehow not through the workflow. 

We use the github.com/PagerDuty/go-pagerduty library for this.

It currently calls the following URL: https://app.pagerduty.com/oauth/authorize?client_id=XYZ&response_type=code&redirect_uri=https://abc.com/callback&state=ABC&access_type=offline&prompt=consent&scope=read 

 

If I change it to the following URL it just shows User ID. I would expect it to show write scope in there.

https://app.pagerduty.com/oauth/authorize?client_id=XYZ&response_type=code&redirect_uri=https://abc.com/callback&state=ABC&access_type=offline&prompt=consent&scope=write

I also tried using https://identity.pagerduty.com/oauth/authorize URL but no luck. 

Hi ​@adarsh-range,

Thanks for sharing the details of your integration challenge.

Classic User OAuth is pretty limited—while you can sometimes select "write" scope in the UI, it’s not always honored when you try to use it programmatically or via the API. This is by design: Classic User OAuth is mostly intended for simple, user-level integrations and is generally restricted to "read" access.

If you need "write" access, the recommended approach is to use Scoped OAuth. Scoped OAuth is more flexible and secure, and it’s the only way to reliably get "write" permissions for your integration. You’ll need to have admin privileges on your PagerDuty account to register a Scoped OAuth app.

Here’s a helpful link to PagerDuty’s developer docs and a guide on building apps with OAuth 2.0 and API scopes.

Please let me know if this approach works for your use case, and have a nice day!


Reply