From b88bad2a01cc5fb7a74d607551e9abd9e9596e44 Mon Sep 17 00:00:00 2001
From: Nicolas <bircni@icloud.com>
Date: Sat, 2 May 2026 12:58:40 +0200
Subject: [PATCH] Fix basic auth bug (#37503)

Backport for #37486
---
 services/auth/basic.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/services/auth/basic.go b/services/auth/basic.go
index dda6451c36..ae5d4305c4 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -68,8 +68,8 @@ func (b *Basic) parseAuthBasic(req *http.Request) (ret struct{ authToken, uname,
 
 // VerifyAuthToken only the access token provided as parameter, used by other auth methods that want to reuse access token verification logic
 func (b *Basic) VerifyAuthToken(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore, authToken string) (*user_model.User, error) {
-	// get oauth2 token's user's ID
-	_, uid := GetOAuthAccessTokenScopeAndUserID(req.Context(), authToken)
+	// get oauth2 token's user's ID and access scope
+	accessTokenScope, uid := GetOAuthAccessTokenScopeAndUserID(req.Context(), authToken)
 	if uid != 0 {
 		log.Trace("Basic Authorization: Valid OAuthAccessToken for user[%d]", uid)
 
@@ -81,6 +81,7 @@ func (b *Basic) VerifyAuthToken(req *http.Request, w http.ResponseWriter, store
 
 		store.GetData()["LoginMethod"] = OAuth2TokenMethodName
 		store.GetData()["IsApiToken"] = true
+		store.GetData()["ApiTokenScope"] = accessTokenScope
 		return u, nil
 	}