Hamsterland
commented
2 years ago As per the reply on Discord, I'll go ahead and PR this
Open Hamsterland opened 2 years ago
Hamsterland
commented
2 years ago As per the reply on Discord, I'll go ahead and PR this
MazeXP
commented
2 years ago Just a note that came up:
/authorize endpoint should not send a request but return the built url/token and /token/revoke should send an actual request
AraHaan
commented
1 year ago How would the bot get the authorization token though if it does not redirect to a least a website? I think that is why the Discord auth package maintained by the aspnetcore team exists.
Hamsterland
commented
1 year ago How would the bot get the authorization token though if it does not redirect to a least a website? I think that is why the Discord auth package maintained by the aspnetcore team exists.
The library isn't responsible for the server. That's for you to setup yourself, and it's pretty easy with Owin.
Description
Currently
IDiscordRestOAuth2APIonly has two endpointsThese are, to be fair, the only explicitly documented endpoints under the OAuth2 topic.
However, I think that the basic OAuth2 authorization flow endpoints should also have their own methods.
/authorize/token/token/revokeWhy This is Needed Remora.Discord should implement the full Discord API. Extracting the authorization flow into their own methods will expand Remora.Discord's use cases by simplifying the steps taken to authorize a user (e.g. in web apps).
Alternatives Considered While there are other libraries that do this for you, such as AspNet.Security.OAuth.Providers, these are very abstracted, feature-rich, and heavily opinionated towards usage in fully-fledged websites. As such, they do not integrate well with the Remora ecosystem.
I am proposing a simple wrapper around the authorization flow endpoints that does not involve Remora.Discord hosting any webservers to catch authorization codes - this is up to the consumer.
Additional Details Discord has its own OAuth2 URL generator that is quite simple to replicate. There could be a helper method to create these URLs too.
...
If this is an issue you think is worth implementing, I would be happy to open a PR.