diff --git a/tests/gitea/custom/test_admin_api.py b/tests/gitea/custom/test_admin_api.py
index 6eacf14..d2a7b84 100644
--- a/tests/gitea/custom/test_admin_api.py
+++ b/tests/gitea/custom/test_admin_api.py
@@ -93,10 +93,11 @@ def test_admin_api_user_org_token_lifecycle(live_app):
         assert body.get("username") == test_org, f"unexpected org: {body}"
 
         try:
-            # 3. Create API token for test user (admin creates token on behalf of user)
+            # 3. Create API token for test user (admin creates token on behalf of user).
+            # Gitea 1.22+ requires explicit scopes; supply the minimum needed for steps 4-5.
             status, tok_body = _api(
                 live_app, f"/users/{test_user}/tokens", method="POST",
-                body={"name": token_name},
+                body={"name": token_name, "scopes": ["read:user", "read:organization"]},
                 user=adm_user, password=adm_pass,
             )
             assert status == 201, f"token create HTTP {status}: {tok_body}"