search

discord / discord-api-docs

Official Discord API Documentation
https://discord.com/developers/docs/intro
Other
5.85k stars 1.23k forks source link

[API] Bot MFA/Two Factor #69

Closed jhgg closed 8 years ago

jhgg commented 8 years ago

On June 17th, 2016 - bots will start considering their owner's two factor status on servers with two factor authentication enabled, meaning, they will be unable to perform functions which require "elevated" permissions functions on servers with two-factor authentication enabled until the application owner turns on two factor on their account.

As an example:

Server A turns on two factor. This means that all regular users will be required to enable two factor on their accounts before they can perform functions requiring "elevated" permissions. Bots obviously can't have two factor, so we continue to allow bots to perform these functions on these servers. However, after this change, we will consider the two factor status of the account that owns the bot to check whether to allow the bot to perform these actions on a server with two factor enabled.

If your bot does not require these permissions, or the server does not have two factor on, your bot is unaffected. If the owner account does not have two factor enabled, and the bot tries to perform a function which requires "elevated" permissions, it will not be able to until the owner account turns on 2fa. Other than that, the bot should still be able to do everything else that does not require the "elevated" permissions.

The following are considered "elevated" permissions:

For more info about how two factor works on Discord, check out the blog post: https://blog.discordapp.com/keeping-discord-safe-and-sound/ and the support article: https://support.discordapp.com/hc/en-us/articles/219576828

metagn commented 8 years ago

2fa doesn't exist for bots...

AraHaan commented 8 years ago

I know, but it does rely on the owner to have it on.

metagn commented 8 years ago

But the owner token doesnt change if you invalidate the bot's token

night commented 8 years ago

Bot tokens only change when you change them via the "My Applications" page on the developers site. You should not automate logging into Discord at all, either with or without 2fa. Do so at your own risk, and take note that we have already stated we will ban offenders for it.