[Public Beta] Building Your Applications with OAuth 2.0

fivefactor · June 13, 2023, 1:48am

Adding on to this request, are there any plans to potentially add a “groups” scope to OAuth? For example, this would allow the application to perform requests on groups the user owns

Hooksmith · June 13, 2023, 1:48am

I checked and it’s covered in the same work I mentioned in this post: [Public Beta] Building Your Applications with OAuth 2.0 - #102 by Hooksmith

fivefactor · June 13, 2023, 1:50am

Got it, did not see that. Were there any previous mentions of an analytics API (as I mentioned in my previous post)?

Hooksmith · June 13, 2023, 1:52am

The vision is all these features should be available through Open Cloud some day but it’s going to take us a while to get there.

Unfortunately I did not see mention of analytics API in the immediate priority list of stuff to implement, but I noted down and forwarded your post above (as well as all other requests on this thread).

TheHeadIessHorseman · June 13, 2023, 3:05am

Is there any plans to allow us to get the users email?

Hooksmith · June 13, 2023, 3:20pm

Answered in [Public Beta] Building Your Applications with OAuth 2.0 - #88 by Hooksmith

No plans to do this at the moment. There’s a large security/privacy burden here that we would need to overcome. I wouldn’t expect it happen soon or at all at this time.

TheHeadIessHorseman · June 13, 2023, 3:59pm

Gotcha, thanks for the update. Was curious just so for a discourse instance I no longer would have to ask for email and have email verification. Hopefully this will come one day.

foodeggs7 · June 14, 2023, 2:10pm

Can you build websites wit oauth2 or something like that

LifeDigger · June 14, 2023, 6:01pm

Depends on what you define as “build”. Websites are where you can see OAuth2 commonly because it is often used as a quicker log in however OAuth2 is not the only thing you need to build a website.

What OAuth2 is, is basically just a way for you to easily have someone give a third party app permission to access and use resources someone has.

foodeggs7 · June 14, 2023, 6:12pm

Ok and what can the 3 party apps be

LifeDigger · June 14, 2023, 6:42pm

Third party apps is anything which is outside of Roblox basically. So for example websites, phone apps, bots.

foodeggs7 · June 14, 2023, 6:44pm

Sall i so can add my own website

LifeDigger · June 14, 2023, 6:51pm

Yea that should work if you where to add it to your site. You basically just need to direct the user when they click a button or something such as that to the URL where the user gives authentication (you just then follow either one of the authentication flows and get the refresh token and access token).

OriginalArkus · June 14, 2023, 10:42pm

I’ve been working on setting up one of the projects I work on to use the new Roblox OAuth 2.0 infrastructure, but unfortunately I’ve hit a few problems with defining redirect URLs.

The comment underneath the textbox for redirect URLs states that " Must have secure SSL certificate (starts with https://) unless host name is localhost". I have a locally trusted certificate (self-signed) for localhost and HTTPS is mandatory for my application but not permitted as a redirect URL - it seems to only accept localhost without https. HTTPS should be optional (but maybe encouraged) for localhost, not forbidden! My code just doesn’t listen to HTTP other than to immediately use a 302 to upgrade to HTTPS, so I can’t currently use localhost as a development URL.

As a consequence, I currently can’t build my test integration with Roblox. Can this be investigated and resolved?

Hooksmith · June 15, 2023, 12:52am

Thanks for the feedback, we’ll tweak that (heard the same feedback last week internally).

An easy workaround for now for testing is to define it as http:// in your app settings, and just add the “s” in browser bar manually when you hit the void localhost uri, to actually get to your app.

Hooksmith · June 15, 2023, 9:32pm

This is resolved now, you can use HTTPS with localhost and custom ports now for redirect URIs.

NotMonkeyBusiness · June 20, 2023, 11:06pm

I’ve submitted my app for verification but it has been declined for an invalid redirect URL, even though it works completely fine when I navigate to it. Can this be looked into please?

Hooksmith · June 22, 2023, 7:07pm

Could you resubmit it? We did some relaxing on the moderation policy for redirect URLs recently. Let me know in DM if it’s still getting rejected (please DM me your client ID if so).

OriginalArkus · June 25, 2023, 6:19pm

Having fixed the redirect URLs (thanks @Hooksmith for your help) I’m now randomly receiving errors from authorize.roblox.com when signing in:

Authorization Error

Argument does not respect the defined limits.

Please contact the owner of the application for help.

Which argument, and which limits? Is there anywhere I can see log output or similar to diagnose this issue?

Hooksmith · June 26, 2023, 1:45pm

If you go into the network console you should be able to look at the network payloads and figure this out. The error message there will have the parameter name (if it’s about a specific parameter).

If you need help please send me a fully formed authorization URL in DMs and I can take a look for you.