Discord OAuth Code Usage
I am interested in interacting with Discord using the Discord API. I would describe their documentation as "sparse", but maybe I'm just not looking in the right places. Most of my information comes from this page:
https://discordapp.com/developers/docs/topics/oauth2
I've already created my Discord guild and app (and even a bot, which might be unnecessary). My specific plan is to allow users to grant permission to my site to add them to the private guild / Discord server. I have a hyperlink on one of my site pages that links to this url:
This part seems to work well. The user approves the request. The user is then sent back to my site with a code key-value pair in the query string. I think this code is the so-called "authorization code". So how can I use this authorization code to add a user to my guild? I found this page on the Discord site:
https://discordapp.com/developers/docs/resources/guild#add-guild-member
From this page, I can see that I need to initiate a PUT for this url:
https://discordapp.com/api/guilds/{guild.id}/members/{user.id}
But I don't know {user.id}. I only have an authorization code.
It also says "... if you have a valid oauth2 access token for a user with the guilds.join scope." I don't have an access token. Again, I only have the authorization code.
I feel like I need to somehow exchange this authorization code for an access token and user id. Can anyone tell me how to do this? I experimented with the following url, but I don't know which method (GET, POST, etc.) or what parameters to send it:
https://discordapp.com/api/oauth2/token
Since I would like to understand how it works, I would rather know how to do it with regular web requests (such as HttpWebRequest and WebClient, as opposed to using some OAuth library).
Update
I decided to read (selectively) this RFC:
https://tools.ietf.org/html/rfc6749#section-4.1.3
I have linked the section that I think is the most appropriate. The correct procedure seems to be to send a POST request to the following url and parameters:
https://discordapp.com/api/oauth2/token
grant_type=authorization_code&code=[AuthorizationCode]&redirect_uri=[RedirectURI]&client_id=[ClientID]
This is also similar to Peter G.'s answer. Unfortunately, this request failed with error 401 (Unauthorized). So I thought it was a dead end. I've tried this several times, but hopefully there is a solution. I got this response body:
{"error": "invalid_client"}
And I got these headers:
Connection: close
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; IncludeSubdomains
Alt-Svc: clear
CF-RAY: [RedactedJustInCase]
Content-Length: 27
Cache-Control: no-store
Content-Type: application/json
Date: Fri, 07 Apr 2017 01:12:19 GMT
Set-Cookie: __cfduid=[RedactedJustInCase]; expires=Sat, 07-Apr-18 01:12:19 GMT; Path=/; domain=.discordapp.com; HttpOnly
Server: cloudflare-nginx
Via: 1.1 google
You are almost there as far as getting the OAuth token. You just need to use the other URL provided in your linked documentation, https://discordapp.com/api/oauth2/token. POST to it with the following parameters: https://discordapp.com/api/oauth2/token?client_id=[ClientID]&grant_type=authorization_code&code=[AuthorizationCode]&redirect_uri=[RedirectURI]&client_secret=[Secret], where AuthorizationCode is the return from the first URL and Secret is the client secret that you received when you first registered your application.
This should return you the client token (as well as the time the token will expire) in the body of the response. As for getting the User object, you need to add the identify scope to the first request so that you can use the token to call https://discordapp.com/developers/docs/resources/user#get-current-user (in case the link breaks, it is GET users/@me). This API will return a User object in JSON form.
Finally, you can add the user by PUT-ing to https://discordapp.com/api/guilds/[guild.id]/members/[user.id] using the user object you just got.
When using the APIs after receiving the client token (the ones that get the user object and put the user in the guild), you need to put the token in the HTTP request under the Authorization header using the Bearer authentication scheme. Basically, this means that the header should be set to "Bearer TOKEN_HERE". You must also use the "application/x-www-form-urlencoded" content type if you haven't already used it.
If you don't understand anything here, I highly recommend reading about OAuth from the original RFC (don't worry, these two sections are short): obtaining the authentication code, obtaining the token, authenticating with the Bearer scheme. Those are the breaks when you are not using a library.
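The code-to-token and token-to-user-id steps described in the answer above, built as raw HTTP requests with only the Python standard library. This is an added example, not code from the question or the answer; the function names are hypothetical, the sample values are constructed, and the base URL is the one written on this page. It sends the parameters in the form body rather than the query string, which keeps the client secret out of URL logs.

```python
import json
import urllib.parse
import urllib.request

API = "https://discordapp.com/api"  # base URL as written on this page


def token_request(code, redirect_uri, client_id, client_secret):
    """POST for the code exchange (RFC 6749 section 4.1.3).

    Parameters travel in the form body, not the URL. The request in the
    question carried no client_secret and got 401 {"error": "invalid_client"}.
    """
    form = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # same value as in the authorize link
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        f"{API}/oauth2/token", data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(body):
    """Return (access_token, expires_in) or raise on an OAuth error body."""
    doc = json.loads(body)
    if "error" in doc:
        raise PermissionError(f"token endpoint refused: {doc['error']}")
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return doc["access_token"], int(doc["expires_in"])


def current_user_request(access_token):
    """GET users/@me with the Bearer scheme; needs the identify scope."""
    return urllib.request.Request(
        f"{API}/users/@me", method="GET",
        headers={"Authorization": f"Bearer {access_token}"})


def user_id_from(body):
    """Pull the id field out of the User object returned by users/@me."""
    return json.loads(body)["id"]
```

Each returned Request can be passed to urllib.request.urlopen, and the response body fed to the matching parse function.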