Figma Support Forum

Get only user identity via OAuth

Hello friends,

I noticed the only permission scope of Figma authentication via OAuth2 is “file_read”, but this is too much for me. In my circumstances, users are posting some data to my server inside the Figma plugin, for which I only have to get a valid user identity, not an access to their Figma files.

I think it’s very similar to those “Sign in with Google/Facebook” buttons, does Figma provide something like this? A “Sign in with Figma” button?

There is no such thing unfortunately. But I think it’s still kind of valid to use it for auth until they add more permissions control because without having specific Figma file or team links you won’t be able to get any of their files.

Yes, but how users will know that? they see “xxx would like to access your files”, this is so scary. :fearful:

You can tell users about it on the login page but yeah I agree it doesn’t look good. Interestingly, even the Figma Forum itself asks you for those permissions when you are signing up.