3 files changed, 21 insertions, 15 deletions

diff --git a/internal/api/client/user/emailchange.go b/internal/api/client/user/emailchange.go
index b2e25343f..09d5e8fde 100644
--- a/internal/api/client/user/emailchange.go
+++ b/internal/api/client/user/emailchange.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // EmailChangePOSTHandler swagger:operation POST /api/v1/user/email_change userEmailChange
@@ -46,7 +45,7 @@ import (
 //
 //	security:
 //	- OAuth2 Bearer:
-//		- write:user
+//		- write:accounts
 //
 //	responses:
 //		'202':
@@ -66,9 +65,12 @@ import (
 //		'500':
 //			description: internal error
 func (m *Module) EmailChangePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeWriteAccounts,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
diff --git a/internal/api/client/user/passwordchange.go b/internal/api/client/user/passwordchange.go
index df9f5b0c8..8b1c7e29a 100644
--- a/internal/api/client/user/passwordchange.go
+++ b/internal/api/client/user/passwordchange.go
@@ -26,7 +26,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 const OIDCPasswordHelp = "password change request cannot be processed by GoToSocial as this instance is running with OIDC enabled; you must change password using your OIDC provider"
@@ -52,7 +51,7 @@ const OIDCPasswordHelp = "password change request cannot be processed by GoToSoc
 //
 //	security:
 //	- OAuth2 Bearer:
-//		- write:user
+//		- write:accounts
 //
 //	responses:
 //		'200':
@@ -70,9 +69,12 @@ const OIDCPasswordHelp = "password change request cannot be processed by GoToSoc
 //		'500':
 //			description: internal error
 func (m *Module) PasswordChangePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeWriteAccounts,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
diff --git a/internal/api/client/user/userget.go b/internal/api/client/user/userget.go
index 147c1dbd5..c82a6d644 100644
--- a/internal/api/client/user/userget.go
+++ b/internal/api/client/user/userget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // UserGETHandler swagger:operation GET /api/v1/user getUser
@@ -39,7 +38,7 @@ import (
 //
 //	security:
 //	- OAuth2 Bearer:
-//		- read:user
+//		- read:accounts
 //
 //	responses:
 //		'200':
@@ -57,9 +56,12 @@ import (
 //		'500':
 //			description: internal error
 func (m *Module) UserGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadAccounts,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}