Hi, I’m new.
I’m working on a simple bot that is connecting to chat via the IRC websocket. My bot only needs to read chat, so my token only has the chat:read scope.
I’m curious if there is any potential harm in leaking this OAuth code.
My reasoning is that since I only need to read chat, I can use a dummy account with a limited scope token to accomplish my goal, and therefore bypass the need for anyone to authenticate their own account through my service. This is beneficial to the user experience, and also the development process, because the user will have fewer steps to set up, and I won’t need to use a database to store anything securely.
However, since I am new, I feel like there may be some risk involved that I am unaware of.
Has anyone done anything like this before? Is there anything that my novice mindset is overlooking?
Any information is greatly appreciated, as internet searching has returned zero results on this matter.
Thanks for your time.