[Public Beta] Building Your Applications with OAuth 2.0

No, this is not being investigated currently. Team is focused on higher impact Open Cloud work.

As mentioned before in the thread there are significant policy issues to resolve around exposing user email that we don’t have bandwidth for right now / would be a significant opportunity cost compared to the other features we’re working on for you folks.

1 Like

Is there any beta I can sign up for or something like that to access this early? Because I really want this so I can switch my discord bot to use this new api.

You can still request to be added to the overall OAuth beta program here:

OAuth 2.0 has been a massive effort for us. We’d like to thank everyone who participated in the private beta program and offered their invaluable feedback! The program will continue being active with all new features and APIs first released there. If you’re interested in early access and offer us feedback, click here to apply.

2 Likes

Trying to update the redirect URLs on an existing OAuth app, but I’m getting an error. Tried making a new one and the same thing is happening


Adding context to the above post; hopefully to add some extra insight into the issue. Looks like the update submission post request is submitting an OAuth scope which can’t be modified or selected in the scopes list so the update requests just fail validation.

The only way to get around this is to fire the request off manually and remove that scope from the payload.


1 Like

I think I’m aware of the issue here. We accidentally released a scope (universe.place.instance:read) that wasn’t supposed to be released to OAuth2. We have removed that scope from OAuth2 now but some of you may have selected the scope while it was available and now cannot unselect the scope.

Does updating your app manually (i.e. Postman request to update your app without that scope) not fix the issue of being unable to update your app through the UI? Regardless, please DM me your app IDs and I can fix them on my end.

I only have openid & profile selected and it’s still failing. Tried sending the request manually as well, but the same thing is happening. I’ve sent you a PM with my app ID.

1 Like

By the way, your app should be fixed now so you should be able to update the app through the UI again! Let me know if you encounter any further issues

Does this still require early access approval or is it available to the public?

Not anymore, just need to be ID verified iirc

are there any plans to improve managing group-owned OAuth2 applications?
so many annoyances are currently faced

  1. the group owner must be ID verified (understandable)
  2. the group owner must create the application themselves
  3. group members with sufficient permissions cannot create or even manage (!) OAuth2 applications
  4. when group ownership is transferred, the OAuth2 application is no longer accessible, even when transferring back

i hope these issues can be addressed

Hey there, 1-3 are known limitations, but also this doesn’t seem super impactful since changes to OAuth apps should be rare (image/title/description/scope list edits should not be too common past development stage), and ultimately the group owner is responsible for the behavior of the app so it makes sense to impose those restrictions on the group owner.

I agree ideally 3 and maybe also 2 should be adjusted in the future at the least but given above it is not very high priority work. It’d be good to understand how much of a pain point this is for you. This feature requires engineering work so it is not free and would slow down other projects in progress.

For 4, that seems like a bug, can you please file a bug report with all necessary details? That is not the intended behavior of the feature and should be fixed.

thanks for your response :pray:
while it's quite understandable that the group owner should be responsible for the app and such, most of them just cannot get to understand how to, and needing to guide them for the most basic tasks such as adding redirect URIs (+ needing to wait for a response) is quite frustrating

if a group owner trusts a person to develop their application, it's no different from trusting them to manage it, hope this will be considered

creating an app is understandable, but managing it should be made possible to authorized roles/users

1 Like

Hey, how do I request scope extension of scope “email” for OAuth2 use? It is really important scope for us to have.

Because current user data scopes are very limited:


And we need an email to successfully create a user account on our service.

It’s not available to third-party applications at this time due to security/policy reasons.

1 Like

Alright I get it, would it be possible to consider adding “group:join” scope so the app could make users join to a group once authenticated? I think this could help many people with group approvals when it comes to more private groups, e.g. against bots or alt accounts.

Additionally an “avatar” claim so we can get user’s 30day avatar picture alongside the 30day headshot under “picture” claim.

Getting user avatar => being worked on as a separate API to call. It won’t be a new claim. We only support picture claim for OpenID Connect backward compatibility.

Group join scope => please file a feature request with us for visibility.

1 Like

It’s not the age verification that keeps away bad actors, it’s the sending of your ID to Roblox that keeps away bad actors. There wouldn’t be many people willing to do illegal things with their OAuth 2 linked websites if Roblox has their legal name and ID.

1 Like

Please review this post: