Not anymore, just need to be ID verified iirc
are there any plans to improve managing group-owned OAuth2 applications?
so many annoyances are currently faced
- the group owner must be ID verified (understandable)
- the group owner must create the application themselves
- group members with sufficient permissions cannot create or even manage (!) OAuth2 applications
- when group ownership is transferred, the OAuth2 application is no longer accessible, even when transferring back
i hope these issues can be addressed
Hey there, 1-3 are known limitations, but also this doesn't seem super impactful since changes to OAuth apps should be rare (image/title/description/scope list edits should not be too common past development stage), and ultimately the group owner is responsible for the behavior of the app so it makes sense to impose those restrictions on the group owner.
I agree ideally 3 and maybe also 2 should be adjusted in the future at the least but given above it is not very high priority work. It'd be good to understand how much of a pain point this is for you. This feature requires engineering work so it is not free and would slow down other projects in progress.
For 4, that seems like a bug, can you please file a bug report with all necessary details? That is not the intended behavior of the feature and should be fixed.
thanks for your response
while it's quite understandable that the group owner should be responsible for the app and such, most of them just cannot get to understand how to, and needing to guide them for the most basic tasks such as adding redirect URIs (+ needing to wait for a response) is quite frustrating
if a group owner trusts a person to develop their application, it's no different from trusting them to manage it, hope this will be considered
creating an app is understandable, but managing it should be made possible to authorized roles/users
Hey, how do I request scope extension of scope "email" for OAuth2 use? It is a really important scope for us to have.
Because current user data scopes are very limited:
And we need an email to successfully create a user account on our service.
It's not available to third-party applications at this time due to security/policy reasons.
Alright I get it, would it be possible to consider adding "group:join" scope so the app could make users join to a group once authenticated? I think this could help many people with group approvals when it comes to more private groups, e.g. against bots or alt accounts.
Additionally an "avatar" claim so we can get user's 30day avatar picture alongside the 30day headshot under "picture" claim.
Getting user avatar => being worked on as a separate API to call. It won't be a new claim. We only support picture claim for OpenID Connect backward compatibility.
Group join scope => please file a feature request with us for visibility.
It's not the age verification that keeps away bad actors, it's the sending of your ID to Roblox that keeps away bad actors. There wouldn't be many people willing to do illegal things with their OAuth 2 linked websites if Roblox has their legal name and ID.
Please review this post: