discord / discord-api-docs

Official Discord API Documentation
https://discord.com/developers/docs/intro

403 error when use guilds.join #5578

Closed 10tera closed 1 year ago

10tera commented 2 years ago

Description

First of all, I apologize for my poor English.

description

I wrote code to join members using guilds.join of the Discord OAuth2 API. There was no particular problem when it worked, and we confirmed the participation of a small number of accounts in the test environment. But the code stopped working as soon as the number of accounts increased. For some reason I got a 403 error. I was told that I do not have an access token, but since the access token was passed as an argument, I do not know the cause of the error at all. I thought that the authentication of the access token had expired, so I checked the authentication information of each access token with oauth2/@me, but I could confirm that guilds.join was added to the scope, and it had not expired. Seeking help.

It works when the number of accounts is small, so what is the problem? I've already tried reissuing the bot token and client secret, but it didn't work.

Steps to Reproduce

code

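const request = require("request"); // request v2.88.2

// `token` is the bot token, defined elsewhere in the application.
// Sends the guilds.join request: bot token in the Authorization header,
// the user's OAuth2 access token and nickname in the JSON body.
const rqt = (url, access_token, nickname) => {
    return new Promise((resolve, reject) => {
        console.log(access_token);
        console.log(nickname);
        request({
            url: url,
            method: "PUT",
            headers: {
                "Content-Type": "application/json",
                "Authorization": `Bot ${token}`
            },
            json: {
                "access_token": access_token,
                "nick": nickname
            }
        }, (error, response, body) => {
            console.log(body);
            // Always resolves; the caller inspects error and response.
            resolve([error, response]);
        });
    });
}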

It has been confirmed that the access token passed as an argument is not undefined/null.

Expected Behavior

All accounts are participating.

Current Behavior

Error

{ message: 'Invalid OAuth2 access token', code: 50025 }

Screenshots/Videos

No response

Client and System Information

Environment

Node.js v16.17.0, request v2.88.2, Windows 10/11

DV8FromTheWorld commented 2 years ago

Error code 50025 occurs when the access_token provided is either missing or is invalid. A token can be invalid when it is provided for the wrong application or wrong user. Access tokens are specific to a user or an application, so when attempting to add a user to a guild using an access token you need a unique token for each user you are attempting to add.

This is all the information I can provide without having more context. As a note, missing scopes is 50026, so that definitely isn't the problem.
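The conditions named in this answer can be checked per user before guilds.join is called. The following is an added example, not code from the thread or from Discord: it assumes the parsed body of `GET /oauth2/@me` for each token (fields `application`, `scopes`, `expires`, `user`), and the function names, IDs and sample responses are constructed for illustration.

```javascript
// Added example: classify why a token would be rejected by guilds.join, from
// the parsed body of GET /oauth2/@me fetched with that token.
// preflightJoin, auditRecords and every ID below are constructed for illustration.
function preflightJoin(me, expectedUserId, expectedAppId, now) {
  if (!me || typeof me !== "object") return ["no authorization info"];
  const problems = [];
  if (!me.application || me.application.id !== expectedAppId) {
    problems.push("wrong application");
  }
  // `user` is only returned when the token also carries the identify scope.
  if (!me.user) problems.push("user not identifiable");
  else if (me.user.id !== expectedUserId) problems.push("wrong user");
  if (!Array.isArray(me.scopes) || !me.scopes.includes("guilds.join")) {
    problems.push("missing guilds.join scope");
  }
  // Trim sub-millisecond digits so the timestamp parses on any engine.
  const expires = Date.parse(String(me.expires).replace(/(\.\d{3})\d+/, "$1"));
  if (Number.isNaN(expires) || expires <= now.getTime()) problems.push("expired");
  return problems;
}

// Keep the user ID and its authorization info in one record, not in parallel arrays.
function auditRecords(records, appId, now) {
  return records
    .map((r) => ({ userId: r.userId, problems: preflightJoin(r.me, r.userId, appId, now) }))
    .filter((r) => r.problems.length > 0);
}

const APP_ID = "100000000000000001"; // constructed application ID
const NOW = new Date("2023-01-01T00:00:00Z");
const sampleMe = (userId, expires) => ({
  application: { id: APP_ID },
  scopes: ["identify", "guilds.join"],
  expires,
  user: { id: userId },
});
const SAMPLE_RECORDS = [
  { userId: "200000000000000001", me: sampleMe("200000000000000001", "2023-01-07T12:00:00.123000+00:00") },
  { userId: "200000000000000002", me: sampleMe("200000000000000003", "2023-01-07T12:00:00.123000+00:00") },
  { userId: "200000000000000004", me: sampleMe("200000000000000004", "2022-12-25T12:00:00.123000+00:00") },
  { userId: "200000000000000005", me: null },
];
console.log(JSON.stringify(auditRecords(SAMPLE_RECORDS, APP_ID, NOW), null, 2));
```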

10tera commented 2 years ago

I have an access token for each user I add but this didn't work. Also strange is that when I try to add 2 or 3 accounts in a row it succeeds, but when I try to add many accounts in a row it fails. For reference, here is the code to get the access token.

request("POST", "https://discord.com/api/v10/oauth2/token", {
         headers: { "Content-Type": "application/x-www-form-urlencoded" },
         body: `redirect_uri=${redirecturi}&client_id=${clientID}&client_secret=${clientSecret}&grant_type=authorization_code&code=${code}`
      }).done((token_response) => {
         try {
            if (token_response.statusCode >= 300) {
               console.log(`failure get accesstoken with statuscode ${token_response.statusCode}`);
               console.log(`code:${code}`);
               return res.sendFile(__dirname + "/pages/failure.html");
            }
            else {
               const token_body = JSON.parse(token_response.getBody("utf-8"));

               console.log(`access_token:${token_body["access_token"]}`);
               console.log(`refresh_token:${token_body["refresh_token"]}`);
               if (!(token_body["access_token"] && token_body["refresh_token"])) {
                  console.log("failure get tokenbody[access_token]");
                  return res.sendFile(__dirname + "/pages/failure.html");
               }
               access_token = token_body["access_token"];
               refresh_token = token_body["refresh_token"];
    ...........

10tera commented 1 year ago

We also verified that we were not using access tokens from different users.

yonilerner commented 1 year ago

In your code sample, you have

"Authorization": `Bot ${token}`

, but when using an OAuth2 access token, you need to do

"Authorization": `Bearer ${token}`

yonilerner commented 1 year ago

Oh wait I misunderstood, my bad

yonilerner commented 1 year ago

Is it possible the bot doesn't have the CREATE_INSTANT_INVITE anymore?

10tera commented 1 year ago

I don't think it is because the bot has admin privileges.

yonilerner commented 1 year ago

If you can put together a runnable code sample that reproduces this error I may be able to help debug, otherwise there isn't a lot I can do. The API appears to be working as expected for most users.

10tera commented 1 year ago

I thought it would be too big to describe the entire application, so I attached the code of the file that describes the command processing. Please note that this code is very dirty, sorry.

https://gist.github.com/10tera/e019a2a427e435333e8ee40f64abd622

yonilerner commented 1 year ago

The way you're getting the tokens seems very error prone. Unfortunately I can't help debug this much more, but given that only you are experiencing this issue I think it's likely a problem with your code. I would refactor your code to not use so many nested closures. In particular, line 127 looks questionable in that you may not be accessing the index into the tokenlist array that you think you are.
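One way an index into a token array can stop matching its user inside nested callbacks, shown as an added example; it is not the code from the gist, which does not appear on this page. `putMember`, `lookupNickname`, the `pending`/`drain` queue and all IDs and tokens are constructed stand-ins so the example runs offline.

```javascript
// Added example. `pending`/`drain` are a constructed stand-in for the event loop,
// and putMember is a constructed stand-in for the guilds.join request: it accepts
// a token only for the user it was issued to, otherwise answers with code 50025.
const pending = [];
const defer = (fn) => pending.push(fn);
const drain = () => { while (pending.length) pending.shift()(); };

const ISSUED_TO = { u1: "tok-u1", u2: "tok-u2", u3: "tok-u3" }; // constructed pairs
function putMember(userId, accessToken, cb) {
  const ok = accessToken !== undefined && ISSUED_TO[userId] === accessToken;
  defer(() => cb(ok ? { status: 201 } : { status: 403, code: 50025 }));
}
function lookupNickname(userId, cb) { defer(() => cb("nick-" + userId)); }

// Error-prone: parallel arrays, with the shared `var` index read inside a callback.
// Every callback runs after the loop has finished, when i === userIds.length,
// so tokenlist[i] is undefined and each request goes out without a token.
function joinWithSharedIndex(userIds, tokenlist) {
  const out = [];
  for (var i = 0; i < userIds.length; i++) {
    const userId = userIds[i];
    lookupNickname(userId, () => {
      putMember(userId, tokenlist[i], (res) => out.push({ userId, ...res }));
    });
  }
  drain();
  return out;
}

// Sturdier: one record per user, so the token cannot drift away from its user.
function joinWithRecords(records) {
  const out = [];
  for (const { userId, accessToken } of records) {
    lookupNickname(userId, () => {
      putMember(userId, accessToken, (res) => out.push({ userId, ...res }));
    });
  }
  drain();
  return out;
}

const USERS = ["u1", "u2", "u3"];
const TOKENS = ["tok-u1", "tok-u2", "tok-u3"];
const RECORDS = USERS.map((userId, n) => ({ userId, accessToken: TOKENS[n] }));
console.log(joinWithSharedIndex(USERS, TOKENS).map((r) => r.code));
console.log(joinWithRecords(RECORDS).map((r) => r.status));
```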