不和谐的OAuth代码用法 [英] Discord OAuth Code Usage
问题描述
我对使用Discord API与Discord进行交互感兴趣.我会把他们的文档描述为稀疏",但是也许我只是不在正确的地方寻找.我的大部分信息都来自此页面:
I'm interested in interfacing with Discord using the Discord API. I would describe their documentation as "sparse," but maybe I'm just not looking in the right places. Most of my information comes from this page:
https://discordapp.com/developers/docs/topics/oauth2
我已经设置了Discord公会和应用程序(甚至是机器人,这可能是不必要的).我的具体计划是允许用户授予我的站点权限,以将其添加到私有Discord公会/服务器中.我的网站页面之一上有一个引用此URL的超链接:
I've already set up my Discord guild and application (and even a bot, which may be unnecessary). My specific plan to is to allow users to give my site permission to add them to a private Discord guild/server. I have a hyperlink on one of my site's pages that references this URL:
这部分似乎运作良好.用户批准该请求.然后将用户与查询字符串中的代码"键值对一起发送回我的站点.我认为这段代码就是所谓的授权代码".那么,如何使用此授权码将用户添加到公会中?我在Discord网站上找到此页面:
This part seems to work well. The user approves the request. The user is then sent back to my site with a "code" key-value pair in the query string. I think this code is what is called an "authorization code." So how can I use this authorization code to add the user to my guild? I found this page on the Discord site:
https://discordapp.com/developers/docs/resources/guild#add-guild-member
从该页面上,我可以看到我需要启动对该URL的PUT:
From that page I can see I need to initiate a PUT to this URL:
https://discordapp.com/api/guilds/ {guild.id}/members/{user.id}
https://discordapp.com/api/guilds/{guild.id}/members/{user.id}
但是我不知道{user.id}.我只有授权码.
But I don't know the {user.id}. I only have an authorization code.
它还说:"...只要您为具有guilds.join范围的用户提供了有效的oauth2访问令牌."我没有访问令牌.同样,我只有授权码.
It also says, "... provided you have a valid oauth2 access token for the user with the guilds.join scope." I don't have an access token. Again, I only have an authorization code.
在我看来,我需要以某种方式将此授权代码交换为访问令牌和用户ID.有人可以告诉我该怎么做吗?我一直在尝试以下URL,但是我不知道该使用哪种方法(GET,POST等)或发送该参数的参数:
So it seems to me I need to somehow exchange this authorization code for an access token and a user ID. Can someone tell me how to do that? I've been experimenting with the following URL, but I don't know what method (GET, POST, etc.) or what parameters to send it:
https://discordapp.com/api/oauth2/token
因为我想了解它的工作原理,所以我更想知道如何使用普通的Web请求(例如HttpWebRequest和WebClient,而不是使用某些OAuth库)来做到这一点.
Because I'd like to understand the intracacies of how this works, I'd prefer to know how to do this with ordinary Web requests (such as HttpWebRequest and WebClient, as opposed to using some OAuth library).
我决定(有选择地)阅读这份RFC:
I decided to read (selectively) this RFC:
https://tools.ietf.org/html/rfc6749#section-4.1.3
我已经链接了我认为最合适的部分.似乎正确的过程是将POST请求发送到以下URL和参数:
I have linked the section that I think is the most appropriate. It seems the correct procedure is to send a POST request to the following URL and parameters:
https://discordapp.com/api/oauth2/token
grant_type = authorization_code& code = [AuthorizationCode]& redirect_uri = [RedirectURI]& client_id = [ClientID]
grant_type=authorization_code&code=[AuthorizationCode]&redirect_uri=[RedirectURI]&client_id=[ClientID]
这似乎也符合彼得G的回答.不幸的是,此请求失败,并显示401(未经授权)错误.所以我认为这是一个死胡同.我已经尝试了几次,但希望有解决方案.我收到了此回复正文:
This also seems to be in accordance with Peter G's answer. Unfortunately, this request fails with a 401 (Unauthorized) error. So I figured this was a dead end. I've tried it several times, but hopefully there's a solution. I received this response body:
{错误":"invalid_client"}
{"error": "invalid_client"}
我收到了这些标题:
连接:关闭
编译指示:无缓存
严格的运输安全性:max-age = 31536000;includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
Alt-Svc:清除
Alt-Svc: clear
CF-RAY:[RedactedJustInCase]
CF-RAY: [RedactedJustInCase]
内容长度:27
缓存控制:无存储
内容类型:application/json
Content-Type: application/json
日期:2017年4月7日星期五,格林尼治标准时间
Date: Fri, 07 Apr 2017 01:12:19 GMT
Set-Cookie:__cfduid = [RedactedJustInCase];expires =星期六,2018年4月7日01:12:19 GMT;路径=/;domain = .discordapp.com;HttpOnly
Set-Cookie: __cfduid=[RedactedJustInCase]; expires=Sat, 07-Apr-18 01:12:19 GMT; path=/; domain=.discordapp.com; HttpOnly
服务器:cloudflare-nginx
Server: cloudflare-nginx
通过:1.1谷歌
推荐答案
就获得OAuth令牌而言,您几乎可以做到.您只需要使用链接的文档上列出的其他URL, https://discordapp.com/api/oauth2/token .使用以下参数向其发布:
You're almost there as far as getting the OAuth token is concerned. You just need to use the other URL listed on the documentation you linked, https://discordapp.com/api/oauth2/token. POST to it with the following parameters: https://discordapp.com/api/oauth2/token?client_id=[ClientID]&grant_type=authorization_code&code=[AuthorizationCode]&redirect_uri=[RedirectURI]&client_secret=[Secret] where the AuthorizationCode is the return from the first URL and the Secret is the client secret you got when first registering your app.
这应该使您在响应正文中获得客户端令牌(以及令牌过期需要多长时间).至于获取User对象,您需要在第一个请求中添加范围 identify ,以便可以使用令牌调用
That should get you the client token back (as well as how long it will take for the token to expire) in the response body. As for getting the User object, you need to add scope identify to the first request so you can use the token to call https://discordapp.com/developers/docs/resources/user#get-current-user (in case the link breaks, it's GET users/@me). That API will return the User object in JSON form.
Finally, you can add the user by PUT-ing to https://discordapp.com/api/guilds/[guild.id]/members/[user.id] using the user object you just got.
在获取客户端令牌(用于获取用户对象并将用户放入公会的令牌)后使用API时,您需要使用Bearer auth方案将令牌放入授权报头下的HTTP请求中.基本上,这意味着标头应设置为"Bearer TOKEN_HERE" .如果您还没有使用内容类型"application/x-www-form-urlencoded",则应该使用它.
When using the APIs after getting the client token (the ones to get the user object and put the user in the guild), you need to put the token in the HTTP request under the authorization header using the Bearer auth scheme. Basically, that means the header should be set to "Bearer TOKEN_HERE". You should also use content-type "application/x-www-form-urlencoded" if you weren't already using it.
如果您在这里不了解任何内容,强烈建议您从RFC阅读有关oauth的信息(不用担心,这两部分很短):与Bearer进行身份验证方案.当您不使用图书馆时,这就是休息时间.
If there's anything you don't understand here, I strongly suggest reading about oauth from the source RFC (don't worry, these two sections are short): getting an auth code, getting a token, authenticating with Bearer scheme. Them's the breaks when you don't use a library.
这篇关于不和谐的OAuth代码用法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
