Attempting to load https://itch.io/user/oauth with the query parameter scope=profile%3Ame scope=profile%3Ame profile%3Agames (aka scope=profile:me profile:games) works properly, but scope=game%3Aview%3Apurchases (aka scope=game:view:purchases) results in a 404 page.
The API documentation states that scope is necessary to see what games a user has access to download: https://itch.io/docs/api/serverside#download_keys
On another note, the OAuth documentation doesn’t state that the query parameter response_type=token is required.
EDIT: I now see that the OAuth API reportedly “Only supports the profile:me” scope (which is incorrect, because it also supports profile:games). Apparently this has been the case since 2019.
Are there even any plans to expand OAuth to the documented scopes? If not, why are they listed under the Serverside API page?
I’d like my game to be able to check if the logged-in user has access to it and this seems like the least intrusive way of doing so.
EDIT2: Created a Github ticket: https://github.com/itchio/itch.io/issues/1498