Small OAuth Bug

jubewe · February 14, 2026, 3:18pm

Hey there,

I’m not really sure which category this fits into so I’m posting this as Uncategorized.

My plan was to try and not request a scope, since I only need the user-id for my project and thought that might work without any scopes.
But when authenticating via the https://www.patreon.com/oauth2/authorize url, I caught a bug.
If the scope query param is empty (&scope=), you can still authorize and get a single use code, but validating that on the server (via the /api/oauth2/token?code=x) returns an error 500.

Not that big of a deal but it would be great if a dev could look into it.

noertap · March 11, 2026, 2:24am

Looks like this happens specifically when scope param in the authorization flow is set to empty (&scope=). If no param was provided, then the default identity scope would’ve been set. Thanks for reporting, I’ll let you know when this is fixed.

noertap · March 11, 2026, 9:31pm

@jubewe the fix for this shipped this morning. Thanks for reporting!

Topic		Replies	Views
401 Unauthorized Error from OAUTH2 Endpoint Friendly Help	5	1258	March 5, 2024
Scope is not working? Friendly Help	1	561	January 31, 2019
Bug in OAUTH2 Sign-In	2	77	June 21, 2025
Oauth2 Troubles API Feedback	19	763	June 13, 2025
Breaking OAuth Change: Scopes must be set on post auth API Feedback	8	1819	October 4, 2019

Small OAuth Bug

Related topics