search

arjunattam / vscode-chat

Chat with your team while you collaborate over code using VS Live Share
https://marketplace.visualstudio.com/items?itemName=karigari.chat
GNU General Public License v3.0
529 stars 67 forks source link

Against Discord TOS #233

Open erickang21 opened 5 years ago

erickang21 commented 5 years ago

You ask for a user account token. That is much like self-botting, which is against the Discord TOS.

Please find a different method that can't risk my account getting banned.

Thanks

arjunattam commented 5 years ago

hey @bananaboy21 - thanks for sharing this concern. The current discord token setup is not ideal, I agree.

As mentioned in our docs, the goal is to move to Discord RPC when it comes out of private beta. With that, all API calls will be mirrored via RPC, and authentication will use the Discord OAuth flow.

The current ToS prevent automating user accounts. I'm not a legal expert, but afaik, we are not automating any user activities with this extension. Happy to be corrected if you think differently.

Nevertheless, will keep an eye out on Discord RPC support, and migrate to it whenever possible

FiniteReality commented 5 years ago

I just read the update notes for the VS Code Live share extension, and found this mentioned. While I think the idea is great, I'm pretty sure it is against the Discord ToS. I'm not a Discord developer, but from my experience working with Discord, any use of user tokens outside of the official Discord client is classified as "automating user accounts", and isn't allowed as such.

As an example, Discord have recently started removing the authorization token from localStorage on start-up, in an attempt to prevent users from grabbing their auth token. Of course, there are ways to work around it (like the link you provided in your docs, using an API request) but IMO, Discord has made their stance loud and clear on this - don't use user tokens.

Unfortunately, while the RPC API is a thing, I do not believe it provides a way to create messages; only receive them.

erickang21 commented 5 years ago

maybe a better idea is creating a webhook, and allowing users to add the url to the extension- allowing the extension to post messages to the channel using api requests, without violating TOS.

ravener commented 5 years ago

@bananaboy21 webhooks can't recieve messages tho

mittalyashu commented 5 years ago

@arjun27 Once the Discord OAuth flow is out, then how can we remove the Discord token from vscode-chat.