![]() ![]() ![]() So yeah, at the very least update the error message returned so that it tells the person the requested scopes are not all valid for applications in a team. That said, the proximate cause for raising this issue is that there's nothing in the documentation, API response, or anything else anywhere which says adding an application to a team will straight up make certain scopes invalid - and even worse, that having them in the auth request will block token access in its entirety, leaving people scratching their heads (in my case, for a few hours) trying to figure out why legitimate scopes are being called invalid, unknown, or malformed - especially when they work perfectly fine in other apps using the client credentials flow. I think it's safe to assume the Discord API's OAuth implementation isn't going to be overhauled to treat applications as bot users are treated now even if that would be the more conventional approach (and apparently the direction Slash Commands are headed in). ![]() There is no actual functionality which apps in teams do not have currently Not to mention all this functionality works perfectly fine when an application is not registered under a team, so anyone trying to use it currently needs to not register their application under a team and just go back to the old superuser account stuff which is precisely the reason teams exist in the first place.Īs I said earlier, (which appears to be your example) can be used by applications in teams, but that is the only OAuth2 scope which gives access to the application instead of a user or guild. to Google Cloud Developers The drive.file scope specifically states 'View and manage Google Drive files and folders that you have opened or created with this app'. The example will be done in Python for brevity and. A user does not factor in at all and I have never seen an implementation that returned a user as the subject/principal when authenticating using this flow.Īside from protocol implementations, the documentation specifically mentions using the client credentials flow with Slash Commands which makes applications added to arbitrary guilds unable to register Guild Slash Commands and do many other things because they have no context of where they are, who is using them, etc. Using the Google Workspace APIs This codelab introduces you to using Google Workspace (formerly G Suite) HTTP-based RESTful APIs. Requesting access to the protected resources under its control except for the client credentials flow which is explicitly used when a client is The OAuth2 protocol as a whole is for authorizing users so I don't see what else you could expect it to do ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |