Provide an authentication/authorization model for third-party API integrations
tracked
bd_
(I know this has been requested before, but I couldn't find a canny for it)
Please add an authentication/authorization model such as oauth for use by third-party applications, so that they can integrate with the VRChat API without having to grant full access to the user's account. Even having a read-only authentication model would be very useful.
Log In
Spokeek
Will reshare the statement from tupper on the forum for tracability on that topic. https://ask.vrchat.com/t/a-proper-sso-oauth2-and-or-oidc-endpoint-public-vrchat-api/22909/31
Vesturo
It would be really neat if VRChat gave tool makers access to Single Sign On. Right now it is limited to selected B2B partners which leaves the rest of us relying on awkward workarounds like putting codes in bios or friending bots just to verify accounts.
Single Sign On would make things much easier for third party creators and much smoother for players using those tools. It is more secure, more consistent, and feels far more professional than the current methods.
Even if it was application based where VRChat decides who gets access it would still be a huge improvement compared to it only being available if you have corporate money. The community has already built many tools that make VRChat better and giving us a proper login system would only make them stronger.
Vesturo
Speaking from a personal experience i could see it lower the friciton a lot. GSLink during it's existence went from "friend this bot" to "add this code to your bio" and it already made a lot more people use it, having access to single sign on could transfer directly to more users utilizing it because you literally just press a button to link your accounts, instead of having
* Search for your profile -> add code to your profile -> wait for our API to process your verification -> remove code from profile.
We would go to
* click this button -> confirm that GSLink is allowed to access your profile informations
Scout - VRChat Head of Quality Assurance
tracked
Melo the Marten
Hello, I fully support this and I would like this to be implemented.
Foorack
Isn't this already implemented? VRChat has an OAuth implementation where you can specify by
scope
what part of the user's account you are requesting access to. Applications such as Furality and ReadyPlayerMe already uses this.Although while it seems like you have to contact VRChat staff to get access to this, all the code seems to already be in place.
API example of fetching info for an OAuth application: https://api.vrchat.cloud/api/1/oauth/oauth_b9260015-6ba7-4eff-837b-5e6f13bee436
bd_
Foorack: it seems to only be available for certain corporate partnerships at the moment, a documented version available for community tools is what I would want