How to check if a personal access token has the correct permissions