Reputation: 63
Discord API: View guild channels information with Oauth2 guilds scope
I am trying to make a call to /guilds/guild.id/channels endpoint after retrieving a user's guild data that is provided after they successfully authenticate with my app using the Discord's OAuth flow.
My OAuth permissions include email and guilds.
After receiving an access_token I am able to make a call to /users/@me/guilds. However, when I try to iterate over this to access each guild's list of channels using the /guilds/guild.id/channels endpoint I receive a {"message": "401: Unauthorized", "code": 0}. I pass the same access_token in the header of this request.
My question is about the limitations of the Discord API when authenticating with OAuth. The documentation says
Unlike the normal OAuth2 flow, bot accounts have full access to all API routes without using bearer tokens
So can I make an API call to /guilds/guild.id/channels using my access_token?
Or do I have to do this through a bot? And if a bot is required then that means in order to make a call to /guilds/guild.id/channels the bot must first be added to the guild, right?
Upvotes: 4
Views: 5554
Answers (1)
Reputation: 33754
I believe you falsely assumed that the guilds OAuth2 scope will give you full access to the guilds of the user. This is not the case, the guilds scope only grants the access token permission to view a list of all the user's guilds and basic information of these guilds (guild ID, avatar, name, flags, the user's permission, and whether the user's the owner).
This does not include giving you access to see the guild's channels. The only endpoint guilds scope gives you is /users/@me/guilds which you already know. I believe this is due to user privacy concerns since it unnecessarily lets you to view the channels list from non-related guilds. Most cases when the guilds scope is used, it is to verify if the user's in a certain guild; useful for bot dashboards.
The only way to retrieve a list of channels requires you to have a bot in the guild and use the /guilds/<guild.id>/channels while identifying as your bot.
To see what the OAuth2 scopes actually grants you, it's documented here: https://discord.com/developers/docs/topics/oauth2#shared-resources-oauth2-scopes.
Upvotes: 6
Related Questions
- discord.py - Get channel permissions of user
- Getting guild and default channel ID
- Discord OAuth2 how to check if a bot is in (joined) a guild
- Discord Authorize Application
- Discord.py How to keep track of all guilds
- Discord API 401 Unauthorized Error when trying to get guild roles
- how to get all members of a guild in discord.py?
- guild.text_channels return just the top channel instead of all channels
- Discord API 401 Unauthorized with OAuth
- Python: Discord API