[SILO-1018] chore: add assets scope definition + update bot token authorize flow

[Saurabhkmr98]

Description

• Add Assets scope definition
• Update bot token authorize flow with scopes required in the url

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• Feature (non-breaking change which adds functionality)
• Improvement (change that would cause existing functionality to not work as expected)
• Code refactoring
• Performance improvements
• Documentation update

Screenshots and Media (if applicable)

Test Scenarios

References

Summary by CodeRabbit

• Documentation
  • Updated Bot Token flow authorization documentation to include scope parameters.
  • Added Assets scopes (assets:read and assets:write) to OAuth scopes documentation.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
developer-docs	Building	Preview, Comment	Feb 25, 2026 9:28am

[makeplane]

Linked to Plane Work Item(s)

• [SILO-1018] Doc changes for Asset scope and get app installation

This comment was auto-generated by Plane

[coderabbitai]

📝 Walkthrough

Walkthrough

Documentation updates to OAuth authorization flows and scopes. A scope parameter is appended to the Bot Token flow authorization request, and a new Assets scopes section is introduced to the OAuth scopes reference with asset-related permissions.

Changes

Cohort / File(s)	Summary
OAuth Documentation Updates docs/dev-tools/build-plane-app/choose-token-flow.md, docs/dev-tools/build-plane-app/oauth-scopes.md	Bot Token flow authorization request now includes scope parameter. New Assets scopes section added with assets:read and assets:write permissions and descriptions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 Hoppy scopes have come to play,
Assets dancing on display,
Read and write with graceful care,
OAuth flows floating through the air! 🔐✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: adding assets scope definition and updating the bot token authorization flow with scope parameters.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore-improve_oauth_docs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

docs/dev-tools/build-plane-app/choose-token-flow.md (1)

46-52: ⚠️ Potential issue | 🟡 Minor

Scope values in the authorization URL contain raw spaces — should be URL-encoded.

Space characters are not valid in a URL query string without encoding. Per RFC 3986, they must appear as %20. Although the same issue exists pre-existing at line 156 (User Token flow), line 51 is the only new change in this PR. Developers copy-pasting this URL verbatim may produce a malformed request.

📝 Proposed fix

 GET https://api.plane.so/auth/o/authorize-app/
   ?client_id=YOUR_CLIENT_ID
   &response_type=code
   &redirect_uri=https://your-app.com/callback
-  &scope=scopeA scopeB scopeC
+  &scope=scopeA%20scopeB%20scopeC

Apply the same fix to the pre-existing User Token authorization URL (line 156):

-  &scope=scopeA scopeB scopeC
+  &scope=scopeA%20scopeB%20scopeC

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/dev-tools/build-plane-app/choose-token-flow.md` around lines 46 - 52,
The authorization URL examples include raw space-separated scopes which must be
URL-encoded; update the sample for the client app flow (the GET
https://api.plane.so/auth/o/authorize-app/ example) to replace spaces in the
scope query with %20-encoded separators, and apply the identical change to the
user token flow example (the GET https://api.plane.so/auth/o/authorize/ sample
mentioned at line 156) so both docs show properly encoded scope values.

🧹 Nitpick comments (1)

docs/dev-tools/build-plane-app/choose-token-flow.md (1)

46-52: Consider linking to the scopes reference from the scope placeholder.

scopeA scopeB scopeC is used as a generic placeholder across all code blocks in this file. Since oauth-scopes.md is being updated in this same PR, adding a note directing developers to that page would save them a lookup.

💡 Suggested addition (after the code block, ~line 53)

+> See [OAuth Scopes](/dev-tools/build-plane-app/oauth-scopes) for the full list of available scope values.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/dev-tools/build-plane-app/choose-token-flow.md` around lines 46 - 52,
Add a short note after the GET authorization code example that points readers to
the scopes reference by name and links to oauth-scopes.md; reference the
placeholder used in the code block ("scopeA scopeB scopeC") and instruct to
replace it with actual scopes from oauth-scopes.md so developers can find the
scope list quickly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@docs/dev-tools/build-plane-app/choose-token-flow.md`:
- Around line 46-52: The authorization URL examples include raw space-separated
scopes which must be URL-encoded; update the sample for the client app flow (the
GET https://api.plane.so/auth/o/authorize-app/ example) to replace spaces in the
scope query with %20-encoded separators, and apply the identical change to the
user token flow example (the GET https://api.plane.so/auth/o/authorize/ sample
mentioned at line 156) so both docs show properly encoded scope values.

---

Nitpick comments:
In `@docs/dev-tools/build-plane-app/choose-token-flow.md`:
- Around line 46-52: Add a short note after the GET authorization code example
that points readers to the scopes reference by name and links to
oauth-scopes.md; reference the placeholder used in the code block ("scopeA
scopeB scopeC") and instruct to replace it with actual scopes from
oauth-scopes.md so developers can find the scope list quickly.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 97f12cc and 569189a.

📒 Files selected for processing (2)

• docs/dev-tools/build-plane-app/choose-token-flow.md
• docs/dev-tools/build-plane-app/oauth-scopes.md