diff --git a/services/auth/basic.go b/services/auth/basic.go
index f117494762..2167055384 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -72,7 +72,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 	}
 
 	// check oauth2 token
-	uid, _ := CheckOAuthAccessToken(req.Context(), authToken)
+	uid, grantScopes := CheckOAuthAccessToken(req.Context(), authToken)
 	if uid != 0 {
 		log.Trace("Basic Authorization: Valid OAuthAccessToken for user[%d]", uid)
 
@@ -83,6 +83,11 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 		}
 
 		store.GetData()["IsApiToken"] = true
+		if grantScopes != "" {
+			store.GetData()["ApiTokenScope"] = auth_model.AccessTokenScope(grantScopes)
+		} else {
+			store.GetData()["ApiTokenScope"] = auth_model.AccessTokenScopeAll // fallback to all
+		}
 		return u, nil
 	}