OAuth 3rd-party applications can not be Managed in Settings

3rd-party applications can not be Managed in Settings

if a 3rd-party application is authorized to an “Account” it can not be Managed in “Account” settings and doesn’t show up.


This happens currently on the Roblox Website: “https://www.roblox.com
noticed the issue: “June 10, 5:24 PM
”.


Application Information: Client-ID, Scopes, Redirect URLs…

  • Client-ID: “1665391555399328524”
  • Scopes: “openid” & “asset:read”, “asset:write”

IMPORTANT: Redirect URL will be Changed after Development is finished.

IMPORTANT: Im not Sure if this is the “response_type” if not i apologize for the inconvenience.

  • response_type: “code&nonce=12345&state=6789”

i hope the Information is correctly summarized if not i apologize again for the inconvenience.


Now Let’s Reproduce this issue please select one of the Following Options:


Reproduction Video or Handwritten Reproduction

the video is "unlisted" so the Bug will not be exposed to the Public.

Repro

Authorize an “Test” application to “an/your” “Account”:

  • Go to “ https://www.roblox.com"
  • Find the Settings icon and Select: “Settings”
  • Now just Tab on: “App Permissions” Now it should still say: “No Authorizations”.

I hope this helps resolving the issue if more information is needed feel free to reach out Greetings GamingLama.

1 Like

Hey @GamingLamaWasTaken it looks like you are not actually yet exchanging the authorization code for an OAuth 2.0 token set (access/refresh/ID token). The result is that your app has no valid sessions for this user, and therefore this doesn’t show on the “App Permissions” page.

The application can’t do anything with/to your resources with just the authorization code. The code expires after 1 minute. If the app hasn’t exchanged by then, the app does not have any of the permissions granted to it by the user, so there’s no actual third-party access and nothing to revoke in this case.

Once the app actually starts exchanging the authorization code, it can be seen and revoked by users in “App Permissions”.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.