Closed artdevgame closed 5 years ago
ghost
commented
5 years ago Presences require an active gateway connection (changing the presence is done through the gateway and only the gateway). Making a gateway connection with an unofficial client or program is a ToS violation and will lead to an account termination if caught.
Zoddo
commented
5 years ago Automating user accounts (that is, connecting to the API from a custom script with your user token) is indeed against the ToS.
To be able to do that without violating the ToS, Discord should provide an OAuth scope which allow to change that. I think this can be implemented with a RPC endpoint. In fact, being able to do such changes with RPC may be cool. I hope this may implemented some day.
Emzi0767
commented
5 years ago Changing the presence via RPC is supported, a notable example would be rich presence.
artdevgame
commented
5 years ago I'm not familiar with what an active gateway connection is in the context of Discord or why its a violation of the ToS to use it.
I'd like to be able to alter my presence via a Node.js script (via an access token generated by oAuth). Seems weird to me that that functionality is locked away, I just don't understand the risks to Discord or the network.
I had a quick look at the Rich Presence but don't think its compatible with my language of choice.
Thanks for the feedback though. I'll just mark it down as impossible (given that I don't want to violate the ToS)
z64
commented
5 years ago I'm not familiar with what an active gateway connection is in the context of Discord
See:
https://discordapp.com/developers/docs/reference#gateway-websocket-api
.. or why its a violation of the ToS to use it.
See:
Automating normal user accounts (generally called "self-bots") outside of the OAuth2/bot API is forbidden, and can result in an account termination if found.
https://discordapp.com/developers/docs/topics/oauth2#bot-vs-user-accounts
as well as some language in
https://discordapp.com/developers/docs/legal#2-license-accounts-and-restrictions
and
https://support.discordapp.com/hc/en-us/articles/115002192352-Automated-user-accounts-self-bots-
I just don't understand the risks to Discord or the network.
The "risk" is allowing any arbitrary black hat behavior enabled by using a regular user account. People regularly abuse user accounts to mass spam invites, advertise, or collect data, etc. - this happens all the time, and Discord has both automated and does manual auditing of account behavior to defend against this.
Giving other people software that requires them to insert their own user token gives an application access to all kinds of information and capabilities that the software may - intentional or not (bug) - abuse.
Rather than explicitly lay out every single pattern that could be safely allowed (which also informs attackers of what will get them caught), it is simpler for Discord to completely disallow direct manipulation of user accounts.
Using a vehicle that strictly allows access to your user account (OAuth2) is the safe way to do such actions, since it securely asks the user permission to do so. Outside of scopes like rpc.api (currently not for public use), or Rich Presence, etc., there isn't any such vehicle to do most actions that normal users do in an automated way.
I'd like to be able to control my own online presence via the API so that I can move between 'do not disturb' and 'online'
After discussion on the community server, I'm led to believe this is currently a ToS violation, even though the client (which I believe uses the API) is capable of doing it.
If I'm wrong, can someone point me to the correct parts in the documentation please?