When you do try to push your changes, you'll be greeted by the following error message:

![Remote Rejected] main -> main (refusing to allow an OAuth App to 
create or update workflow `...` without `worflow` scope)

The error is caused by me trying to push a set of commits to my repo that include a new GitHub Action Workflow. My OAuth token has been generated by the Git Credential Manager for Windows.

A dirty workaround is to generate a new token from the GiHub Developer Settings menu and paste that into your Windows Credential Manager:

Generate new token
Update the credential in your Windows settings

This will work for a while, until the Git Credential Manager for Windows refreshes your token it seems, as the scope is revoked after some time.

A better solution

A better solution is to get rid of the "old" Git Credential Manager for Windows and switch to Git Credential Manager Core. The new, cross platform, credential manager for Git, which will actually request the right scopes, doesn't seem to rely on IE11 and supports 2FA properly.

The new credential manager ships with Git 2.28, but isn't enabled by default.

Git credential core ships with Git 2.28, but is opt in for now.

After installing that and deleting the stored credential in the Windows Credential Store, I can now push my Github workflows without issues.

Photo used under Creative Commons: Jordan Morningstar.