Creating an app just to authenticate users?

[symac]

Hello,
on a website I have built (mastory), in order to be able to optin/optout users, I want to be able to authenticate them and be sure who they are. My only need is to be sure that a visitor on Mastory that wants to optin/optout is who he claims to be. For that I have added a login page that will ask for permission for an app on the instance. I don't need to get any data, just want to be sure that the user is who he claims.

At the moment I am using the most basic scope which is read but some users are wondering if that would not allow me to read too much things, especially their direct messages. I have not tested and the documentation just says read data but I think it would be nice to have an option just to get basic user information which would be less than read data, just get user public profile for example.

I hope that I am not asking for something that is already possible but I have searched for another option and have not found so far.