ally
ally copied to clipboard
adonisjs
Fix discord integration
In Ally we're authorizing users, not requesting an access token for a bot, as such, the guild and permissions parameters are not valid: https://discord.com/developers/docs/topics/oauth2#bot-users
We're also using the user integration type, since that's the purpose of Ally: to authenticate users.
🔗 Linked issue
I didn't open an issue, instead went straight for a PR to fix.
❓ Type of change
- [x] 🐞 Bug fix (a non-breaking change that fixes an issue)
- [ ] 👌 Enhancement (improving an existing functionality like performance)
- [ ] ✨ New feature (a non-breaking change that adds functionality)
- [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to change)
📚 Description
Aligns the oauth redirect parameters with those documented in the Discord docs for user authorization.
https://discord.com/developers/docs/topics/oauth2#authorization-code-grant
Previously we had parameters that were only applicable for bot-user authentication, which isn't what Ally is being used for here.
I've also corrected the userinfo URL.
📝 Checklist
- [ ] I have linked an issue or discussion.
- [ ] I have updated the documentation accordingly.
If I get it right, you are saying that if I am authenticating a regular user then the concept of guilds do not apply to them?
Looks like CI failures are all due to linting (I wrote this in the github editor, so didn't have prettier)
Okay, so I was reading about guilds here https://support.discord.com/hc/en-us/articles/23187611406999-Guilds-FAQ#h_01HXW2MCD0W4NTT0TPARSDHHS0 and it turns out they are like servers.
My understanding of Discord is not that great. But wouldn't I be able to get a list of servers for a user that just logged-in to my app using Discord? For example, I am building some social network for gamers and I will to let them login only using Discord and show which guilds/servers they are part of?
Also, I thought of looking at OmniAuth from Rails and seems like they query the users/@me endpoint too. https://github.com/deanpcmad/omniauth-discord/blob/main/lib/omniauth/strategies/discord.rb#L34
But anyways, do let me know if there is some lapse in my understanding 👍
@thetutlage their documentation isn't the best but I think the idea is the /oauth/@me is always available, but /api/users/@me depends on scope granted.
Also I think to get guilds you'd use the access token and make an API request with it
Also I think to get guilds you'd use the access token and make an API request with it
Yup, that's why we should allow generating an access token with guilds scope.
I think, I will give it a real test with some scenarios, like authenticating a user without guilds and then fetching their user info. Another one with guilds and fetching their guilds as well.
If it turns out that /oauth/@me is what works always, then we can go with it 🙂
This pull request has been marked as stale because it has been inactive for more than 21 days. Please reopen if you still intend to submit this pull request
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This pull request has been marked as stale because it has been inactive for more than 21 days. Please reopen if you still intend to submit this pull request
This pull request has been automatically closed because it has been inactive for more than 4 weeks. Please reopen if you still intend to submit this pull request