Many websites link with ROBLOX through some manner of verification involving going to a game and entering a code (My most recent method) or posting a code in their bio. (Some sites even ask for the user’s username/password! Yuck, that sounds like a scam!) If OAuth were implemented you could allow permission-based access to the user’s account. No permissions would allow you to simply link an account.
Deleted user