Fix discord integration

[ThisIsMissEm]

In Ally we're authorizing users, not requesting an access token for a bot, as such, the guild and permissions parameters are not valid: https://discord.com/developers/docs/topics/oauth2#bot-users

We're also using the user integration type, since that's the purpose of Ally: to authenticate users.

🔗 Linked issue

I didn't open an issue, instead went straight for a PR to fix.

❓ Type of change

• 🐞 Bug fix (a non-breaking change that fixes an issue)
• 👌 Enhancement (improving an existing functionality like performance)
• ✨ New feature (a non-breaking change that adds functionality)
• ⚠️ Breaking change (fix or feature that would cause existing functionality to change)

📚 Description

Aligns the oauth redirect parameters with those documented in the Discord docs for user authorization.

https://discord.com/developers/docs/topics/oauth2#authorization-code-grant

Previously we had parameters that were only applicable for bot-user authentication, which isn't what Ally is being used for here.

I've also corrected the userinfo URL.

📝 Checklist

• I have linked an issue or discussion.
• I have updated the documentation accordingly.

[thetutlage]

If I get it right, you are saying that if I am authenticating a regular user then the concept of guilds do not apply to them?

[ThisIsMissEm]

Correct, nor do any of the bot options

[ThisIsMissEm]

Looks like CI failures are all due to linting (I wrote this in the github editor, so didn't have prettier)

[thetutlage]

Okay, so I was reading about guilds here https://support.discord.com/hc/en-us/articles/23187611406999-Guilds-FAQ#h_01HXW2MCD0W4NTT0TPARSDHHS0 and it turns out they are like servers.

My understanding of Discord is not that great. But wouldn't I be able to get a list of servers for a user that just logged-in to my app using Discord? For example, I am building some social network for gamers and I will to let them login only using Discord and show which guilds/servers they are part of?

Also, I thought of looking at OmniAuth from Rails and seems like they query the users/@me endpoint too. https://github.com/deanpcmad/omniauth-discord/blob/main/lib/omniauth/strategies/discord.rb#L34

But anyways, do let me know if there is some lapse in my understanding 👍

[ThisIsMissEm]

@thetutlage their documentation isn't the best but I think the idea is the /oauth/@me is always available, but /api/users/@me depends on scope granted.

[ThisIsMissEm]

Also I think to get guilds you'd use the access token and make an API request with it

[thetutlage]

Also I think to get guilds you'd use the access token and make an API request with it

Yup, that's why we should allow generating an access token with guilds scope.

I think, I will give it a real test with some scenarios, like authenticating a user without guilds and then fetching their user info. Another one with guilds and fetching their guilds as well.

If it turns out that /oauth/@me is what works always, then we can go with it 🙂

[github-actions]

This pull request has been marked as stale because it has been inactive for more than 21 days. Please reopen if you still intend to submit this pull request

[github-actions]

This pull request has been marked as stale because it has been inactive for more than 21 days. Please reopen if you still intend to submit this pull request