I have a live self-hosted instance of Discourse which I’m currently testing/evaluating. The forum would be for a private community where confidentiality of posts and messages is important. I currently have “invite only”, “login required”, and “must approve users” enabled.
I’d like to offer social login to the users to make it easier for them to access the forum, and I’ve set up Facebook oauth2 as a test.
It’s clear to me what data my forum website would receive from the oauth2 provider (such the user’s name and email address), but I’m not sure what data, if any, the oauth2 provider would be receiving from my forum website. I’m assuming they would keep a log of when/how often the user logs in to the forum using their system, but is there any possibility of them getting forum profile data, posts, messages, etc?
Thanks for your reply - I didn’t think the oauth2 provider would have deeper access to my site, but Facebook’s TOS for developers are so broad that I wasn’t sure.
I’m assuming bots won’t have access to forum posts since I have “login required” enabled. If I log out, then try to go to any URL in the forum subdomain besides /privacy, /tos, or /login I either get an error message or get redirected to the login page.