From 540603ed7a5a5c95a4b6de84b71a9656a6df9892 Mon Sep 17 00:00:00 2001
From: rubenwardy <rw@rubenwardy.com>
Date: Tue, 31 Oct 2023 18:58:37 +0000
Subject: [PATCH] OAuth2 docs: check access token + scopes

---
 app/flatpages/help/oauth.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/app/flatpages/help/oauth.md b/app/flatpages/help/oauth.md
index c575af6f..cb4cf03c 100644
--- a/app/flatpages/help/oauth.md
+++ b/app/flatpages/help/oauth.md
@@ -88,3 +88,17 @@ Possible errors:
 * Missing code
 * client_id and/or client_secret is incorrect
 * Incorrect code. It may have already been redeemed
+
+### Check access token
+
+Next, you should check the access token works by getting the user information:
+
+```bash
+curl https://content.minetest.net/api/whoami/ \
+    -H "Authorization: Bearer YOURTOKEN"
+```
+
+
+## Scopes
+
+OAuth2 applications can currently only access public user data, using the whoami API.