I noticed the only permission scope of Figma authentication via OAuth2 is “file_read”, but this is too much for me. In my circumstances, users are posting some data to my server inside the Figma plugin, for which I only have to get a valid user identity, not access to their Figma files.
I think it’s very similar to those “Sign in with Google/Facebook” buttons, does Figma provide something like this? A “Sign in with Figma” button?
There is no such thing unfortunately. But I think it’s still kind of valid to use it for auth until they add more permissions control because without having specific Figma file or team links you won’t be able to get any of their files.
You can tell users about it on the login page but yeah I agree it doesn’t look good. Interestingly, even the Figma Forum itself asks you for those permissions when you are signing up.
The future of design tools will be built around Figma. However, if we’re serious about building tools on top of Figma, we should also be sensitive about the users’ data. That is, as an app integrating with Figma, we should be given access to the minimal amount of data for the functionality of our app.
An easy first step would be to include a user_profile scope on top of the current file_read scope. This would minimally allow developers to build a “Login with Figma” feature, which can be used as a distribution channel for getting more developers to use the Figma REST APIs.
Are there any plans at all to add this in the future?
Having exactly this same situation 2 years later.
Many of our users are paranoid about our tool asking for so much access, while all we need is user information…
Not trying to be too pushy, just wondering if we could get some information about expected release of this IMO critical change.
Is this a ‘definitely coming next month’ kinda thing, or a ‘maybe try next year’ kinda thing?
Apologies that I keep bumping this, but we keep having users stop our onboarding process because “I’m worried about my data privacy giving away all these permissions to this plugin”.
Any update please? I cannot imagine this taking longer than 15 minutes for someone to add an additional permission flag.
The screenshot from the docs seems to be impossible to achieve? files:read reads way more permissions than that screenshot. Please just add a ‘user’ permission, all I need is that user ID and email.