I'm adding a feature to lichess-bot that would allow users to refuse games against accounts they block and ToS violators. However, when this information is queried from the /api/user/{username} access point, the blocking and tosViolation fields are missing. According to the first comment in issue #159, these fields "never appear in a response to a unauthenticated request." I've tried making tokens with bot:play and web:login scopes, but these don't work. A comment on discord says that OAuth tokens are not sufficient authentication for these values.
I'm adding a feature to lichess-bot that would allow users to refuse games against accounts they block and ToS violators. However, when this information is queried from the
/api/user/{username}
access point, theblocking
andtosViolation
fields are missing. According to the first comment in issue #159, these fields "never appear in a response to a unauthenticated request." I've tried making tokens withbot:play
andweb:login
scopes, but these don't work. A comment on discord says that OAuth tokens are not sufficient authentication for these values.