teamreflex / oauth2-discord

OAuth2 client for authenticating with the Discord API servers
MIT License

Can not accept invites #12

Closed stevemulligan closed 7 years ago

stevemulligan commented 7 years ago

I'm having a problem when I try to run the example code in the readme when it comes to accepting the invite.

I created an instant invite on my server. I created a new app; I did not create a bot user for it. I set up the redirect URI to point to the PHP script in the readme.

When I run the script in the readme, I click "Login with Discord" and am then prompted with the "Connect to Discord" screen with the appropriate permissions listed (I added guilds.join). When I click "Authorize", the response object returns code 20002 (Only bots can use this endpoint). This is confusing since the docs state: "This is not available to bot accounts, and requires the guilds.join OAuth2 scope to accept on behalf of normal users."

Just to see what happens, I turned my app into a bot, and then I get error code 50036 which is unlisted.


<?php

include __DIR__.'/vendor/autoload.php';

$provider = new \Discord\OAuth\Discord([
        'clientId'     => 'CLIENTID',
        'clientSecret' => 'CLIENTSECRET',
        'redirectUri'  => 'REDIRECTURI'
]);

if (! isset($_GET['code'])) {
        echo '<a href="'.$provider->getAuthorizationUrl(['scope' => 'guilds.join identify email guilds']).'">Login with Discord</a>';
} else {
        $token = $provider->getAccessToken('authorization_code', [
                'code' => $_GET['code'],
        ]);

        // Get the user object.
        $user = $provider->getResourceOwner($token);

        // Get the guilds and connections.
        $guilds = $user->guilds;
        $connections = $user->connections;

        // Accept an invite
        $invite = $user->acceptInvite('https://discord.gg/Wka4c5n');

        var_dump($invite);

}

stevemulligan commented 7 years ago

Here is the debug output from the http session. I'm not worried about any tokens in the output because I've deleted and recreated the app a few times since running this.

* Hostname in DNS cache was stale, zapped
*   Trying 104.16.58.5...
* Connected to discordapp.com (104.16.58.5) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL; CN=discordapp.com
*  start date: Feb 24 00:00:00 2017 GMT
*  expire date: Mar 11 23:59:59 2020 GMT
*  subjectAltName: host "discordapp.com" matched cert's "discordapp.com"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
> POST /api/oauth2/token HTTP/1.1
Host: discordapp.com
User-Agent: GuzzleHttp/6.2.1 curl/7.50.1 PHP/7.0.8-3ubuntu3
content-type: application/x-www-form-urlencoded
Content-Length: 197

* upload completely sent off: 197 out of 197 bytes
< HTTP/1.1 200 OK
< Date: Tue, 28 Mar 2017 03:17:25 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=dd6dec2b8f5a86e6558d54a34ce490d771490671045; expires=Wed, 28-Mar-18 03:17:25 GMT; path=/; domain=.discordapp.com; HttpOnly
< Pragma: no-cache
< Cache-Control: no-store
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Via: 1.1 google
< Alt-Svc: clear
< Server: cloudflare-nginx
< CF-RAY: 34676fb35a0006a9-EWR
< 
* Connection #0 to host discordapp.com left intact
* Found bundle for host discordapp.com: 0x560283756c90 [can pipeline]
* Re-using existing connection! (#0) with host discordapp.com
* Connected to discordapp.com (104.16.58.5) port 443 (#0)
> GET /api/users/@me HTTP/1.1
Host: discordapp.com
User-Agent: GuzzleHttp/6.2.1 curl/7.50.1 PHP/7.0.8-3ubuntu3
Authorization: Bearer MjdyJrnCIvxNGVCCzqSf1aPNfjrUXL

< HTTP/1.1 200 OK
< Date: Tue, 28 Mar 2017 03:17:25 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=dd6dec2b8f5a86e6558d54a34ce490d771490671045; expires=Wed, 28-Mar-18 03:17:25 GMT; path=/; domain=.discordapp.com; HttpOnly
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Via: 1.1 google
< Alt-Svc: clear
< Server: cloudflare-nginx
< CF-RAY: 34676fb39a1006a9-EWR
< 
* Connection #0 to host discordapp.com left intact
* Found bundle for host discordapp.com: 0x560283756c90 [can pipeline]
* Re-using existing connection! (#0) with host discordapp.com
* Connected to discordapp.com (104.16.58.5) port 443 (#0)
> GET /api/users/@me/guilds HTTP/1.1
Host: discordapp.com
User-Agent: GuzzleHttp/6.2.1 curl/7.50.1 PHP/7.0.8-3ubuntu3
Authorization: Bearer MjdyJrnCIvxNGVCCzqSf1aPNfjrUXL

< HTTP/1.1 200 OK
< Date: Tue, 28 Mar 2017 03:17:25 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=dd6dec2b8f5a86e6558d54a34ce490d771490671045; expires=Wed, 28-Mar-18 03:17:25 GMT; path=/; domain=.discordapp.com; HttpOnly
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-RateLimit-Limit: 1
< X-RateLimit-Remaining: 0
< X-RateLimit-Reset: 1490671047
< Via: 1.1 google
< Alt-Svc: clear
< Server: cloudflare-nginx
< CF-RAY: 34676fb3da2606a9-EWR
< 
* Connection #0 to host discordapp.com left intact
* Found bundle for host discordapp.com: 0x560283756c90 [can pipeline]
* Re-using existing connection! (#0) with host discordapp.com
* Connected to discordapp.com (104.16.58.5) port 443 (#0)
> GET /api/users/@me/connections HTTP/1.1
Host: discordapp.com
User-Agent: GuzzleHttp/6.2.1 curl/7.50.1 PHP/7.0.8-3ubuntu3
Authorization: Bearer MjdyJrnCIvxNGVCCzqSf1aPNfjrUXL

< HTTP/1.1 200 OK
< Date: Tue, 28 Mar 2017 03:17:25 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=dd6dec2b8f5a86e6558d54a34ce490d771490671045; expires=Wed, 28-Mar-18 03:17:25 GMT; path=/; domain=.discordapp.com; HttpOnly
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Via: 1.1 google
< Alt-Svc: clear
< Server: cloudflare-nginx
< CF-RAY: 34676fb43a4206a9-EWR
< 
* Connection #0 to host discordapp.com left intact
string(42) "https://discordapp.com/api/invites/Wka4c5n"
* Found bundle for host discordapp.com: 0x560283756c90 [can pipeline]
* Re-using existing connection! (#0) with host discordapp.com
* Connected to discordapp.com (104.16.58.5) port 443 (#0)
> POST /api/invites/Wka4c5n HTTP/1.1
Host: discordapp.com
Content-Length: 0
User-Agent: GuzzleHttp/6.2.1 curl/7.50.1 PHP/7.0.8-3ubuntu3
Authorization: Bearer MjdyJrnCIvxNGVCCzqSf1aPNfjrUXL

< HTTP/1.1 403 FORBIDDEN
< Date: Tue, 28 Mar 2017 03:17:25 GMT
< Content-Type: application/json
< Content-Length: 61
< Connection: keep-alive
< Set-Cookie: __cfduid=dd6dec2b8f5a86e6558d54a34ce490d771490671045; expires=Wed, 28-Mar-18 03:17:25 GMT; path=/; domain=.discordapp.com; HttpOnly
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Via: 1.1 google
< Alt-Svc: clear
< Server: cloudflare-nginx
< CF-RAY: 34676fb46a5606a9-EWR
< 
* Connection #0 to host discordapp.com left intact
object(Discord\OAuth\Parts\Invite)#48 (4) {
  ["code"]=>
  int(20002)
  ["guild"]=>
  NULL
  ["xkcdpass"]=>
  NULL
  ["channel"]=>
  NULL
}
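
As an added example (not part of the original issue or the project's code), here is one way to mask bearer tokens and cookie values in a curl/Guzzle debug trace like the one above before it is posted publicly. The function names and the sample trace are constructed for illustration.

```python
import re

SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}

# Optional curl marker ("> " or "< "), header name, value. The marker is
# optional because the Guzzle trace prints request headers without "> ".
HEADER_RE = re.compile(r"^([<>] )?([A-Za-z0-9-]+):[ \t]*(.*)$")


def redact_line(line):
    """Return (line with secret value masked, lowercased header name or None)."""
    m = HEADER_RE.match(line)
    if not m or m.group(2).lower() not in SENSITIVE:
        return line, None
    mark, name, value = m.group(1) or "", m.group(2), m.group(3)
    if name.lower().endswith("authorization"):
        # Keep the scheme (Bearer, Basic) so the log stays diagnosable.
        scheme, sep, _ = value.partition(" ")
        kept = f"{scheme} [REDACTED]" if sep else "[REDACTED]"
    else:
        # Cookie / Set-Cookie: keep names and attributes, mask values.
        parts = [p.strip() for p in value.split(";") if p.strip()]
        is_set = name.lower() == "set-cookie"
        masked = []
        for i, p in enumerate(parts):
            if "=" in p and (i == 0 or not is_set):
                p = p.split("=", 1)[0] + "=[REDACTED]"
            masked.append(p)
        kept = "; ".join(masked)
    return f"{mark}{name}: {kept}", name.lower()


def redact_trace(text):
    """Redact every sensitive header; return (clean text, names redacted)."""
    pairs = [redact_line(l) for l in text.splitlines()]
    return "\n".join(p[0] for p in pairs), [p[1] for p in pairs if p[1]]


# Constructed sample shaped like the trace above; token and cookie are made up.
SAMPLE = """> GET /api/users/@me HTTP/1.1
Host: discordapp.com
Authorization: Bearer EXAMPLE-TOKEN-NOT-REAL

< HTTP/1.1 200 OK
< Set-Cookie: sid=EXAMPLE-COOKIE; expires=Wed, 28-Mar-18 03:17:25 GMT; HttpOnly
< Content-Type: application/json"""

if __name__ == "__main__":
    print(redact_trace(SAMPLE)[0])
```

Only header lines are masked; a secret carried in a request body or URL would need its own rule.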

ddavaham commented 7 years ago

Remembered this from the documentation for the Discord OAuth:

https://discordapp.com/developers/docs/topics/oauth2

Unlike the rest of the scopes, guilds.join requires you to have a bot account linked to your application and can only be used to join users to guilds which your bot services.

stevemulligan commented 7 years ago

All those requirements are being met.

After searching and interacting in the #api channel in the Discord API Discord, I'm confident this is not specific to the PHP SDK. This is an API issue that started in Feb 2017.