From 67573e622a7b555a2f4e2078c6ad161201e3e91e Mon Sep 17 00:00:00 2001
From: Naman Sood <mail@nsood.in>
Date: Thu, 21 Nov 2024 21:16:00 -0500
Subject: [PATCH] README: add note about required oauth scopes (#144)

* README: add note about required oauth scopes

Fixes #143.

Signed-off-by: Naman Sood <mail@nsood.in>

* english

Signed-off-by: Naman Sood <mail@nsood.in>

---------

Signed-off-by: Naman Sood <mail@nsood.in>
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 483b0c5..6d69900 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,8 @@ Subsequent steps in the Action can then access nodes in your Tailnet.
 oauth-client-id and oauth-secret are an [OAuth client](https://tailscale.com/s/oauth-clients/)
 for the tailnet to be accessed. We recommend storing these as
 [GitHub Encrypted Secrets.](https://docs.github.com/en/actions/security-guides/encrypted-secrets)
+OAuth clients used for this purpose must have the
+[`auth_keys` scope.](https://tailscale.com/kb/1215/oauth-clients#scopes)
 
 tags is a comma-separated list of one or more [ACL Tags](https://tailscale.com/kb/1068/acl-tags/)
 for the node. At least one tag is required: an OAuth client is not associated