Forge uses the Ghub package to access the APIs of supported Git forges. How this works and how to create and store a token is documented in (ghub)Getting Started.
Ghub used to provide a setup wizard, but that had to be removed for reasons given in the manual just mentioned. Nowadays there is no way around reading the documentation and doing this manually I am afraid.
Forge requires the following token scopes.
repogrants full read/write access to private and public repositories.
usergrants access to profile information.
read:orggrants read-only access to organization membership.
More information about these and other scopes can be found at https://docs.github.com/en/developers/apps/scopes-for-oauth-apps.
apiis the only required scope. It gives read and write access to everything. The Gitlab API provides more fine-grained scopes for read-only access, but when any write access at all is required, then it is all or nothing.