[Public Beta] Building Your Applications with OAuth 2.0

Hi, are there plans to allow OAuth2 apps to send messages to a Roblox user's profile (in some way), like a notification to the messages inbox of a user? I use OAuth for allowing users to report exploiters on a website, and users are asking to be notified about the result of their reports. I think that would be a cool feature, because giving out the user's email, as said, would be a security risk.

2 Likes

There are no plans for this at the moment. Thanks for letting us know your use case.

For the time being you can set up some sort of notification stream in your own app (implement it yourself) to achieve this use case. You can then log users into your app via OAuth.

Okay, good to know. Thanks for the information and the alternative idea!

4 Likes

These CORS issues are now resolved. You no longer need to use a CORS proxy.

3 Likes

I’m glad to hear that this is now the case! Albeit, I’m not sure if the changes aren’t live yet, or if I am using the wrong endpoints, but it still seems like no Roblox APIs include a CORS header in their responses.

Thank you for bringing this up. GET /userinfo and POST /token endpoints should now be working correctly. All other Open Cloud APIs (resource servers) are also working.

1 Like

This is live now, the userinfo endpoint response now contains the OpenID Connect picture claim when the scope profile is used. This is the avatar headshot URL of the authorizing user. We’ll update the documentation soon with the same information.

This is awesome news! Thank you so much for adding this

1 Like

Any updates on when the group write permission will be added?

This is something we’re working on, there are some blockers to work through, but the team is aware this is one of the top needs for OAuth app developers and acting accordingly.

3 Likes

Is the ability to request email a feature yet?

1 Like

No, this is not being investigated currently. Team is focused on higher impact Open Cloud work.

As mentioned before in the thread there are significant policy issues to resolve around exposing user email that we don’t have bandwidth for right now / would be a significant opportunity cost compared to the other features we’re working on for you folks.

1 Like

Is there any beta I can sign up for or something like that to access this early? Because I really want this so I can switch my Discord bot to use this new API.

You can still request to be added to the overall OAuth beta program here:

OAuth 2.0 has been a massive effort for us. We’d like to thank everyone who participated in the private beta program and offered their invaluable feedback! The program will continue being active with all new features and APIs first released there. If you’re interested in early access and offer us feedback, click here to apply.

2 Likes

Trying to update the redirect URLs on an existing OAuth app, but I’m getting an error. Tried making a new one and the same thing is happening


Adding context to the above post; hopefully to add some extra insight into the issue. Looks like the update submission post request is submitting an OAuth scope which can’t be modified or selected in the scopes list so the update requests just fail validation.

The only way to get around this is to fire the request off manually and remove that scope from the payload.


1 Like

I think I’m aware of the issue here. We accidentally released a scope (universe.place.instance:read) that wasn’t supposed to be released for OAuth2. We have removed that scope from OAuth2 now, but some of you may have selected the scope while it was available and now cannot unselect the scope.

Does updating your app manually (i.e. Postman request to update your app without that scope) not fix the issue of being unable to update your app through the UI? Regardless, please DM me your app IDs and I can fix them on my end.

I only have openid & profile selected and it’s still failing. Tried sending the request manually as well, but the same thing is happening. I’ve sent you a PM with my app ID.

1 Like

By the way, your app should be fixed now so you should be able to update the app through the UI again! Let me know if you encounter any further issues

Does this still require early access approval, or is it available to the public?