OAuth2 authentication require that you obtain correct permissions (scopes) to access different API endpoints.
Scopes should be considered as grants: Users can select which scopes they grant access to for the application. The application might need to request new scopes over the lifecycle of the authorization.
As a general rule, you should only ask for scopes which your application needs and avoid asking for access to unnecessary ones. Users more readily grant access to limited, clearly described scopes.
View the user profile
View the user's memberships and rewards
View the user's pages, plans and rewards