search

Rapptz / discord.py

An API wrapper for Discord written in Python.
http://discordpy.rtfd.org/en/latest
MIT License
14.72k stars 3.74k forks source link

Bearer tokens unable to login #521

Open jowrjowr opened 7 years ago

jowrjowr commented 7 years ago

While setting up a discord tool, I found that my yes, they are valid bearer tokens were not working. I found that odd since even

From discord/http.py:

Not working:

            headers['Authorization'] = 'Bot ' + self.token if self.bot_token else self.token

Working:

            headers['Authorization'] = 'Bot ' + self.token if self.bot_token else 'Bearer ' + self.token

The discord API documentation is pretty crystal about how you need to specify the token type: https://discordapp.com/developers/docs/reference

See also: https://github.com/hammerandchisel/discord-api-docs/issues/119

This is not currently an issue for the websocket connection.

Rapptz commented 7 years ago

This library does not support OAuth2 tokens (or OAuth2 flow in general). Your token type link is therefore irrelevant.

The library handles user accounts and bot accounts. Hence why the if statement is the way it is now. Bearer tokens cannot establish a websocket connection so I'm not sure why you bring that up.

I'll leave this issue up for whenever I decide to support it.

jowrjowr commented 7 years ago

I'm trying to do websocket connections (well, technically, i'm being lazy and not writing the oauth flow and websockets myself because you did a good job with it) and nowhere in the discord gateway documentation does it say that bearer tokens can't do websocket connections.

In fact, they have two specific gateway endpoints: /gateway and /gateway/bot which strongly implies that you can use them with bearer tokens. If you can't could you point me to where it says that it doesn't?

Rapptz commented 7 years ago

Bearer tokens have very limited functionality. They are enumerated here in the documentation. Everything else is unsupported. Including the gateway.

The two endpoints are different. /gateway just gives you the URL and works for both user and bot accounts. /gateway/bot is the same except with a pre-computed shard count.

Quantification commented 7 years ago

Kudos to @jowrjowr for raising this topics.

My 5 cents to the usefulness of Bearer tokens. Yes, their functionality is indeed limited. However, sometimes it is just what is needed. For example, when authenticating the user's Discord ID. When one needs to verify that Discord ID is provided by the account's owner. Regular Oauth2 token is an overkill for this task.

Hopefully, such an extension may be not very expensive in terms of codebase modification.

Update: even with the hack from @jowrjowr could not log in using Bearer token (also passed kwargs 'bot=False')

Update 2: After digging a bit deeper it turned out that for the use of Bearer tokens the endpoints (i.e. the urls to send requests to) are different from the one used by discord.py client (see the docs). This supports @Rapptz opinion that adapting discord.py to this kind of requests is not the best idea.