Oauth application scope bug

If I only check “read_user” scope in my application settings, upon requesting access_token I get error:
“The requested scope is invalid, unknown, or malformed.”

Also, I do not see a scope for reading rights. As I understand, “API” scope is for reading+writing, it is a bit of overkill for some uses, where you just want to read a private repo.