gh-auth-refresh - Man Page

gh auth refresh [flags]

Expand or fix the permission scopes for stored credentials for active account.

The --scopes flag accepts a comma separated list of scopes you want your gh credentials to have. If no scopes are provided, the command maintains previously added scopes.

The --remove-scopes flag accepts a comma separated list of scopes you want to remove from your gh credentials. Scope removal is idempotent. The minimum set of scopes (repo, read:org, and gist) cannot be removed.

The --reset-scopes flag resets the scopes for your gh credentials to the default set of scopes for your auth flow.

If you have multiple accounts in gh auth status and want to refresh the credentials for an inactive account, you will have to use gh auth switch to that account first before using this command, and then switch back when you are done.

For more information on OAuth scopes, see

⟨https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps/⟩.

-h, --hostname <string>

The GitHub host to use for authentication

--insecure-storage

Save authentication credentials in plain text instead of credential store

-r, --remove-scopes <strings>

Authentication scopes to remove from gh

--reset-scopes

Reset authentication scopes to the default minimum set of scopes

-s, --scopes <strings>

Additional authentication scopes for gh to have

0: Successful execution

1: Error

2: Command canceled

4: Authentication required

NOTE: Specific commands may have additional exit codes. Refer to the command's help for more information.

# Open a browser to add write:org and read:public_key scopes
$ gh auth refresh --scopes write:org,read:public_key

# Open a browser to ensure your authentication credentials have the correct minimum scopes
$ gh auth refresh

# Open a browser to idempotently remove the delete_repo scope
$ gh auth refresh --remove-scopes delete_repo

# Open a browser to re-authenticate with the default minimum scopes
$ gh auth refresh --reset-scopes

gh-auth(1)

gh-auth(1).