Implement the OAuth2 authorization flow #210
Comments
|
As per the reply on Discord, I'll go ahead and PR this |
|
Just a note that came up:
|
|
How would the bot get the authorization token though if it does not redirect to a least a website? I think that is why the Discord auth package maintained by the aspnetcore team exists. |
The library isn't responsible for the server. That's for you to setup yourself, and it's pretty easy with Owin. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Currently
IDiscordRestOAuth2APIonly has two endpointsThese are, to be fair, the only explicitly documented endpoints under the OAuth2 topic.
However, I think that the basic OAuth2 authorization flow endpoints should also have their own methods.
/authorize/token/token/revokeWhy This is Needed
Remora.Discord should implement the full Discord API. Extracting the authorization flow into their own methods will expand Remora.Discord's use cases by simplifying the steps taken to authorize a user (e.g. in web apps).
Alternatives Considered
While there are other libraries that do this for you, such as AspNet.Security.OAuth.Providers, these are very abstracted, feature-rich, and heavily opinionated towards usage in fully-fledged websites. As such, they do not integrate well with the Remora ecosystem.
I am proposing a simple wrapper around the authorization flow endpoints that does not involve Remora.Discord hosting any webservers to catch authorization codes - this is up to the consumer.
Additional Details
Discord has its own OAuth2 URL generator that is quite simple to replicate. There could be a helper method to create these URLs too.
...
If this is an issue you think is worth implementing, I would be happy to open a PR.
The text was updated successfully, but these errors were encountered: