This is a serious hole in the website's functionality. I love Itch as a distribution platform, but as a marketplace the inability for a program to do a check as simple as "does the current user own this" is pretty ridiculous.

This is now 6 years since the "launch of OAuth" for Itch, but it's only use is still getting the current user's profile.

Things Missing or Incorrect:

• The OAuth documentation is missing the fact that the request URI must in include response=token as a query parameter. See OAuth Documentation Missing Information #918
• Lack of support for game, game:view, and game:view:purchases scopes. See [Unity/C#] Check in-game if user has a valid download key without forcing OAuth #1121
• Incorrect description for profile scope in OAuth request page (it states that profile scope gives access to the user's game library and purchases)

I really appreciate Itch and don't want to come off as entitled, but it's extremely misleading to have multiple pages on the site claiming this functionality exists and then a single (easily missed) line near the bottom of one documentation page that clarifies "this is actually mostly useless." It seems from the rest of the documentation that Itch would rather us use JWT keys and ask users to download the official app (which isn't totally ideal for all situations), but if that's the case, then I'd like to recommend the complete removal of OAuth rather than continuing to give people false hopes.