Open brandnamewater opened 4 years ago
Same here. I dont find any way to personalize the scope
i have add this on my setting.py and the login page say is gonna collect guilds. Now i just need to find where is store, because i dont see it on the Extra data
SOCIALACCOUNT_PROVIDERS = {
'discord': {
'SCOPE': ['identify',
'email',
'guilds']
}
}
I have a similar problem, but it looks like that the OAuth2 Client is not urlencoding the scopes correctly.
With regards to the docs of discord, the scopes need to be urlencoded like scope=identify%20email%20guilds
but the urlencode form of the allauths oauth2 client is doing this scope=identify+email+guilds
. When using the generated url of discords oauth2 app url generator it works.
Reading the code in the OAuth2 Client it's using the django.utils.http urlencode() function but by default it's not using the correct quote() method, but the quote_plus method, which encodes spaces into + signs, and not into %20 values.
when using the urllib.parse.urlencode() method, it's also doing dictionary encoding in query strings, but you can pass instead of quote_plus the quote method as quote_via parameter.
this comment is an aside to @pennersr
I see so many damn social auth issues. I can't recall where we landed on this but a separate repository for social auth would allow for more focused and intentional support for social application integration. With more aggressive triage this is probably not that big of a buy. Just worth noting.
here are some thoughts on how to reduce these issue submisisons and improve the quality of these services.
Wrt 1) and 2):
Wrt 3):
This issue will solve itself over time -- as more and more providers move towards standardization on OpenID Connect. For example, in the last release 2 providers were already removed because of this.
Didn't realize this was happening. Thats fantastic and makes this discussion 100% moot. I should have just created a discussion and linked this issue, my bad.
The problem with guilds is that you have to manually fetch them using the following API: https://discord.com/developers/docs/resources/user#get-current-user-guilds
The cleanest way would probably be to create a custom DiscordOAuth2Adapter
that overrides/extends the complete_login
method from the original one (https://github.com/pennersr/django-allauth/blob/main/allauth/socialaccount/providers/discord/views.py) and adds the response from the guild API to the extra_data
.
I didn't implement it myself (I decided to do the authorization manually at the moment) so I'm not sure on how to correctly import/use the new adapter.
Another possible way would be to set the setting SOCIALACCOUNT_STORE_TOKENS = True
and use the stored token to fetch the data somewhere else.
Is there any way to add the "guild" scope to the discord oauth?
When I manually use the oauth2 link discord supplies me with that has identify, email, guild, the authentication will break. When I take guild out, it will work.
Is discord blocking this or something or is it the django-allauth app?
My goal is to get the users guilds that they are admins of.