You can ask in the OAuth request for what “data” you want access to, VRChat can just restrict it so you can only request basic info, eg. Name, Id, some basic profile info
Yes, please @vrchat-team, open oauth2/openid solution to all (or vrc+ accounts :).
Probably first to invite only (like they are doing with Age Verification) and from there moving to a VRC+ based system. And from VRC+, to open to everyone (assuming they agree to specific data storage terms). Like how Roblox has their Oauth: OAuth 2.0 Authentication | Documentation - Roblox Creator Hub
@tupper now that oauth2 has been tested with partners like Furality, will we ever see an opportunity for other developers to use Oauth2, or perhaps have some way to apply to access it.
1 Like
@tupper Any updates on this, as this is a feature I need desperately
1 Like
@tupper
Assuming the above post, what would be good examples of issues VRChat would be facing? Competition though API abuse? Permission safeguarding? Making sure people don’t abuse the data they get? Privacy policy adherance? etc?
Another post in this category to keep the talks going! I’d love to use this in cases where I can request VRChat information like the player id. Instead of relying on having players manually select their username. And verify by accepting a FR.
What falls under the concept of “You need to be approved or a partner”. How do you become one or become a “oidc trusted” person?
Going to be my point of vue after some time waiting for such feature. Based on decisions I saw from vrchat and tupper’s response, the objective of vrchat company is to keep safe the access of their data to be able to provide services for users.
When I read “don’t compete with ourselves” I read to keep first party apps to be run by their close company partners instead of global. It’s most likely that providing oauth would give access to too much internal data.
Hopefully they can work on something more limited some day to allow people to do something without having to rely on dirty ways.
At least for discord, people have setup ways now for it, and from what I saw that was the most need.
Fair, I’d always think they go the same route as Roblox. They have a creator economy themsvelves and a full program to handle the applications for user data. So I’m suprised VRChat is still very closed nitted with access. Especially if the only things most people would need are just profile info (Name & VRChat ID)
I can respond here, because I’m not too keen on my funny bsky posts becoming a primary source of info for VRChat positions 
We have talked about oAuth and SSO solutions before internally. Versions of it are interesting, like allowing people to sign into other services using their VRChat account as a form of authentication. This could be cool – but it isn’t a small amount of work, and we simply don’t have it as a priority right now. So, it isn’t “never.” We just don’t have an ETA other than “maybe? sometime?”
In short, there’s no particular thing I can point at and say “this is what is making it hard/impossible”, but instead our answer is “this would be cool, but it is not something we are working on right now nor is it on our roadmap.”
Personally, I don’t see much issue with the “put this text in your bio” approach. There’s a few games that I used to play (EVE, mainly) that had groups that would do this. While janky, they were both effective and kinda cool. I don’t believe those types of systems would impinge on our current API usage guidelines or our Terms.
3 Likes
Loud and clear. Thank you for the precision. I’ll be sure to direct people to this if some poeple ask.
Side note, keep on with your funny jokes on bsky. I like them
1 Like
