I’m experiencing a 403 “missing scope” error when creating stories (comments) on tasks via the API using an OAuth token, but the same operation succeeds with a Personal Access Token.
Setup:
- Endpoint: POST /tasks/{task_gid}/stories
- Request body: {“data”:{“text”:“comment text”}}
- OAuth token scopes: default projects:read custom_fields:read project_sections:read workspaces:read tasks:read tasks:write attachments:read stories:read users:read attachments:write projects:write identity
{
"errors": [{
"message": "One of the following scopes must be present to fulfill this request: ",
"help": "For more information on API status codes and how to handle them, read the docs on errors: https://developers.asana.com/docs/errors"
}]
}
The exact same API call on the same task succeeds when using a Personal Access Token for the same user account.
Is tasks:write insufficient for creating stories via OAuth apps? The documentation suggests it should work, and the fact that PATs work indicates the underlying permissions exist.
Is this a known limitation or am I missing something?
Any guidance would be appreciated!