Sorry for the late response. I had to look back at a ton of use-cases over the years, compile them into something digestible and then, type it all out. I didn’t want to just give you random info since, that probably wouldn’t help you, your team or associated people out. I’m sure that I am missing a few but, these were the most common things that people use and have been begging for OAuth support on for years now.
For users.roblox.com, the functionality provided as of today is ok but, doesn’t serve a real use-case imo. Most of the users using my library (or others), typically use account info as means of verifying an external account with an account on Roblox. Many use the user’s description or (rarely) joining a game. I think if a “description” property was added to the endpoint’s response body, it would / should cover most cases that people would need.
For groups.roblox.com, the following endpoints are what people typically ask me about or use:
User headshots are also a big one that users ask about. Outside of those, I think most should be covered. The group urls are typically used for group administration and game administration on third-party platforms (discord, etc) and there’s a lot of complaints about it not being supported yet through this. I was not able to find the exact url but, group-ranking automation tools are probably the most asked thing that I see and personally, get requested. I think having those URLs (GET, POST) would cover a ton of use-cases.
Thanks for the responses. And for following up on my other ones.
I understand these “old-school” use case of adding a code or such to a description or playing a game to verify that you are in ownership of an account, but this should all be superseded entirely by OpenID Connect (this offering) as of today.
I can see it maybe being valuable to list a user’s blurb on a third-party app, but would love to see an actual product need for this from any third-party app developer before adding it. All of the verification use cases in regard to this seem obsolete at this point as they should just use OAuth2.0 workflow with openid scope.
Yeah aware of this one, this is a planned feature, thanks for bringing it up. We have some microservice stuff to sort out internally before we can provide it in the response.
Are there any plans for more APIs to be accessible using OAuth? Specifically in regards to experience analytics, it would be extremely useful to be able to use the API to access the analytics from the creator dashboard.
Hey folks I checked with the team and can confirm we have people working on group / group role management scopes for Open Cloud and all of your use cases for group API are covered properly in the spec. We’re going to roll this out iteratively (likely starting with read-only APIs and scopes) but the goal is to eventually have all group management supported via Open Cloud. We understand the priority of this.
On this comment specifically, this seems unnecessary once there is Open Cloud support for group management. Instead of using a separate account you would have the owner of the group authorize your app to use the APIs.
thank you for providing me with this information. I have decided to go with a well-documented bug report through the @Bug-Support team and I am looking to get this OAuth 2.0 bug fixed soon. Is there anyone specific who I should add to the bug report?
Adding on to this request, are there any plans to potentially add a “groups” scope to OAuth? For example, this would allow the application to perform requests on groups the user owns
The vision is all these features should be available through Open Cloud some day but it’s going to take us a while to get there.
Unfortunately I did not see mention of analytics API in the immediate priority list of stuff to implement, but I noted down and forwarded your post above (as well as all other requests on this thread).
No plans to do this at the moment. There’s a large security/privacy burden here that we would need to overcome. I wouldn’t expect it happen soon or at all at this time.
Gotcha, thanks for the update. Was curious just so for a discourse instance I no longer would have to ask for email and have email verification. Hopefully this will come one day.
Depends on what you define as “build”. Websites are where you can see OAuth2 commonly because it is often used as a quicker log in however OAuth2 is not the only thing you need to build a website.
What OAuth2 is, is basically just a way for you to easily have someone give a third party app permission to access and use resources someone has.