Listing campaign members WITHOUT email addresses

I’m asking a Patreon creator to authenticate the account, using scopes "identity campaigns w:campaigns.webhook campaigns.members" in order to be able to list that creator’s supporters. (My app will give perks to supporters, and will use a webhook to know when people come and go.) This set of scopes should, if I’m understanding the docs correctly, let me list supporters, but NOT see their email addresses or street addresses:

https://docs.patreon.com/#scopes

My list of scopes does not include either campaigns.members[email] or campaigns.members.address. The creator saw this prompt when contemplating granting permission:

Note that it says “each member’s full name and email address”.

How can I ensure that my app does NOT get access to people’s email addresses?

Your app shouldn't be able to get email access to the members unless you get the campaigns.members[email] scope. Same for the address scope. The text that appears in the interface may be modified to cover all cases.

So you’re saying that the consent dialog is what’s incorrect here? I’m not fully comfortable trying to reassure the creator with “trust me, it won’t reveal anything”, but if that’s what it takes, that’s what it takes.

No, the text is already in a modified form to cover all cases, hence the repetitions. If you are not asking for the email scope, you shouldn't be able to get the email.

The problem is that the consent dialogue doesn’t reflect this. Even if I can’t get the email, the user doesn’t know that.

My client refused to go through with this, because she did not want to take on the risk that she was exposing her supporters’ email addresses. Which I fully agree with. This is why scopes exist. The consent form is incorrect regarding the scopes requested.

Can't understand - you want the consent screen to show what the app won't have access to when a permission was not asked for?

I want it to NOT show that the app WILL have access. Look at the screenshot: it’s claiming that the app will have access that I didn’t request.

Got it. This should be a bug. You should open a support ticket and say that this seems to be a bug and describe what the ideal behavior is. Also note that you opened that ticket so that it will be on record as a bugfix request.

I did that. They told me to ask on this forum.

@Rosuav is this still happening? Can you open a ticket here with steps on how to reproduce this? Ty

Not 100% sure as testing with my own account has a few differences, but yes it does seem to be happening. You should be able to test it out by going to Support Platform Integrations - Mustard Mine and clicking the “Link your Patreon account” button. As long as you’re logged in to your Patreon, it should present you with the consent screen.

The scopes I request are “identity campaigns w:campaigns.webhook campaigns.members” which, according to the docs, should not grant access to email addresses. (Specifically, note that I am not requesting the campaigns.members[email] subscope.) And the consent screen says “View your campaign’s pledges, including pledge status, amount, and history alongside each member’s full name and email address”. This has important implications with regard to EU legislation; a European creator, using my non-European service, was legitimately concerned about her supporters’ private information being made available to this external tool. And that’s exactly what OAuth scopes are supposed to be for - my tool doesn’t need those addresses, so I shouldn’t request them.

I’m pretty sure that’s where I went before coming here. My ticket ID was 2916774 but that probably won’t mean anything. The help wasn’t able to help and I was told to ask on this site instead.

I’m getting the clear impression that I should be using Ko-fi instead.

Thanks for the update. I verified that campaigns:members does not share email address. I’ll put in a ticket to remove the mention of the email address from the scope description. I will update you once it’s changed.

Thank you. Hopefully soon!
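
Added example, not part of the thread and not Patreon's own code: a check an integrator could run to confirm the behaviour stated above, that without the campaigns.members[email] or campaigns.members.address scopes no member email or address comes back. It assumes the token response carries a space-separated "scope" field and that the members endpoint returns a JSON:API document ("data" and "included" resources with "attributes"); all sample data is constructed.

```python
# Sub-scopes that expose member PII, as named in the thread.
PII_SCOPES = {"campaigns.members[email]", "campaigns.members.address"}
# Scope string the app requests, copied from the thread.
REQUESTED = "identity campaigns w:campaigns.webhook campaigns.members"


def granted(token_response: dict) -> set:
    """Scopes the server reports for this token (assumed 'scope' field)."""
    return set(token_response.get("scope", "").split())


def pii_scopes_granted(token_response: dict) -> set:
    """PII sub-scopes present on the token; should be empty for this app."""
    return granted(token_response) & PII_SCOPES


def unexpected_scopes(token_response: dict, requested: str = REQUESTED) -> set:
    """Scopes granted that the app never asked for."""
    return granted(token_response) - set(requested.split())


def pii_in_members(document: dict) -> list:
    """List (type, id, field) for populated email fields or address resources."""
    hits = []
    for res in document.get("data", []) + document.get("included", []):
        if res.get("type") == "address":  # assumed resource type name
            hits.append((res["type"], res.get("id"), "*"))
            continue
        email = (res.get("attributes") or {}).get("email")
        if email:  # null or absent means nothing was disclosed
            hits.append((res.get("type"), res.get("id"), "email"))
    return hits


# Constructed samples, not real Patreon output.
TOKEN_OK = {"access_token": "placeholder", "scope": REQUESTED}
TOKEN_BAD = {"access_token": "placeholder",
             "scope": REQUESTED + " campaigns.members[email]"}
MEMBERS_OK = {"data": [{"type": "member", "id": "m1", "attributes": {
    "full_name": "Example Supporter", "email": None}}]}
MEMBERS_LEAK = {"data": [{"type": "member", "id": "m1", "attributes": {
    "full_name": "Example Supporter", "email": "supporter@example.invalid"}}],
    "included": [{"type": "address", "id": "a1",
                  "attributes": {"city": "Exampleville"}}]}

if __name__ == "__main__":
    for tok in (TOKEN_OK, TOKEN_BAD):
        print(sorted(pii_scopes_granted(tok)), sorted(unexpected_scopes(tok)))
    for doc in (MEMBERS_OK, MEMBERS_LEAK):
        print(pii_in_members(doc))
```

Running the scope check when an account is linked, and the response check in an integration test, gives the app evidence it can show a creator regardless of what the consent screen says.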