I’m asking a Patreon creator to authenticate the account, using scopes "identity campaigns w:campaigns.webhook campaigns.members" in order to be able to list that creator’s supporters. (My app will give perks to supporters, and will use a webhook to know when people come and go.) This set of scopes should, if I’m understanding the docs correctly, let me list supporters, but NOT see their email addresses or street addresses:
My list of scopes does not include either campaigns.members[email] or campaigns.members.address. The creator saw this prompt when contemplating granting permission:
Your app shouldnt be able to get email access to the members unless you get the campaigns.members[email] scope. Same for the address scope. The text that appears in the interface may be modified to cover all cases.
So you’re saying that the consent dialog is what’s incorrect here? I’m not fully comfortable trying to reassure the creator with “trust me, it won’t reveal anything”, but if that’s what it takes, that’s what it takes.
No, the text is already in a modified form to cover all cases, hence the repetitions. If you are not asking the email scope, you shouldnt be able to get the email.
The problem is that the consent dialogue doesn’t reflect this. Even if I can’t get the email, the user doesn’t know that.
My client refused to go through with this, because she did not want to take on the risk that she was exposing her supporters’ email addresses. Which I fully agree with. This is why scopes exist. The consent form is incorrect regarding the scopes requested.
Got it. This should be a bug. You should open a support ticket and say that this seems to be a bug and describe what is the ideal behavior. Also note that you opened that ticket so that it will be on record as a bugfix request.
