What data does an oauth2 provider (Facebook, Google, etc) receive about my forum?

I have a live self-hosted instance of Discourse which I’m currently testing/evaluating. The forum would be for a private community where confidentiality of posts and messages is important. I currently have “invite only”, “login required”, and “must approve users” enabled.

I’d like to offer social login to the users to make it easier for them to access the forum, and I’ve set up Facebook oauth2 as a test.

It’s clear to me what data my forum website would receive from the oauth2 provider (such the user’s name and email address), but I’m not sure what data, if any, the oauth2 provider would be receiving from my forum website. I’m assuming they would keep a log of when/how often the user logs in to the forum using their system, but is there any possibility of them getting forum profile data, posts, messages, etc?

1 Like

No, they won’t be sent that data.

Keep in mind that if your forum is public, your posts will eventually be crawled by bots, but that has nothing to do with using oauth2 for login.

5 Likes

Thanks for your reply - I didn’t think the oauth2 provider would have deeper access to my site, but Facebook’s TOS for developers are so broad that I wasn’t sure.

I’m assuming bots won’t have access to forum posts since I have “login required” enabled. If I log out, then try to go to any URL in the forum subdomain besides /privacy, /tos, or /login I either get an error message or get redirected to the login page.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.