Roblox DevForum’s Authorization

Heya! How are you doing? Hopefully doing great today!

Today, I would like to talk about the new system that appeared to be released some days ago, the authorization website.

The function of https://authorize.roblox.com is to connect with your account once pressing the login button throughout the first pages of Developer Forums. However, in my perspective, I believe that in some areas there are pretty unnecessary…

Firstly, it is quite unnecessary as needing to do a bit of time process to log in to Developer Forums by connecting to your account. It was better when the site could detect if you are already connected to the Roblox platform in your current browser.

And, secondly, I believe truly you do not need to have another option to change your current Roblox account to an alternative, because eventually, it would give errors in case both of them have the same e-mails, leading you to create another e-mail account, and making frustration to only access successfully to the forum.

Therefore, in my understanding, releasing a new login is a technological throwback. So, in my point of view, if we understand this as a safe way for users, truly needs solutions such as quick questions like in Google Security system, “Are you trying to connect?”, providing information about the individual at what time, location, and device they did. If it is you, they would be sending you a code to your e-mail, Authenticator, or, as another way, give you confirmation buttons via mobile.

Another solution would be instead of having a button to switch to another account at the Roblox authorization site, to make Developer Forums’ profile options up/down on “Log Out”.

Extra: It would be easier having a link inside of the Roblox platform that, once clicking, the user is going to get directed to the forum’s platform, without needing to make a new account, as you are already on the website. This gains more time, and less work.

8 Likes

I am available for any help for the platform. Thank you for your time! :blue_heart:

1 Like

Hey, thanks for posting this.

The intention of the new “account select” page in between is to give you feedback about what account you are trying to log into.

Due to the unique email requirement of the forum, we actually get a lot of support requests where people don’t realize they are logged into some other account with the same email address. By adding the page in between, it’s super clear if they’re not on the right account they intended for using the Developer Forum.

Secondly, suppose you actually log into the wrong account on the Developer Forum, with the old flow, it was impossible to conveniently log out and log into another unless you manually navigated to roblox.com, logged out, logged in, and then manually navigated back to devforum.roblox.com. The current flow allows you to do it with just button clicks.

Additionally, this login screen will be used across all creator-facing products, both Roblox products and OAuth2.0 apps made by users (we are having a beta for this soon™). So this is also a means of adding consistency across all apps connected to Roblox.

It’s possible for us to take out the account select screen for first-party apps, we have actually done that for create.roblox.com. If there is more feedback like this we can consider that.

9 Likes

Is this going to be done for the Talent Hub as well?

Or has it already been done for the Talent Hub?

It’s already rolled out for Talent Hub, although since the Talent Hub has a logout button that also logs you out of roblox.com, we did not add the account select screen there since it would add no value (opposed to DevForum, see post above for details).

3 Likes

You cannot. This forum is made with Discourse, it has its own account system.

Okay! Comprehensive. In case I find another way to connect to the page, with safety, and better feedback, I am going to send more information. Therefore, I thank you for your attention.

It’s possible with OAuth2.0 since Discourse supports it.

2 Likes

I didn’t know that Roblox supports OAuth. Thanks for the info.

Its in Beta, as said in @Hooksmith ’s reply:

1 Like

We implement OAuth2.0 and OpenID Connect with the login flow here.

The OpenID working group actually has a draft specification for identity-provider-directed logout here, which could be used to make a logout button on Developer Forum (or any other OAuth2.0 app with OpenID scopes) that also logs you out on the main Roblox site: Draft: OpenID Connect RP-Initiated Logout 1.0 - draft 02

However, since we don’t deem it will be frequently used, and on top of that the spec above is still in draft, we haven’t implemented it.

5 Likes