Im trying to get a list of all channels in my discord server using the discord api. However im getting a 401 no access in my api client, probably because I have the wrong api key, but I have no clue how to get a working key. Below you see my api request.
I read in the docs of discord that I need a oAuth2 token, but I just can't seem to figure how to get that token..
Thanks for the replies,
Boudewijn Bout
To make a request to the Discord API you must include a token in the headers:
Authorization: TOKEN.
To get a valid token open DevTools (press F12), go to the network tab, and send a random message to your friend or server. Then you will see that a new row appeared in the network tab. Click on that row then go to its headers and find the authorization header, the value of that header is token. If you have any questions about the Discord API feel free to DM me on Discord - Koll Potato#2437.
Related
Before someone marks this question as duplicate,
Yes I know audit log is a thing.
No I won't use it because it requires permission.
Yes it's easier to find out server owner
No I need to know exactly who invited my bot
I want to:
Find out who invited my bot the server (user-guild id pair) using invite link redirection.
I read about the OAuth2 API but didn't quite undertstand it due to my lack of background knowledge.
All I understand is that bot invite links can have redirect uri,
and some infos are transfered to it after authentication.
Is it possible to get user/guild id from this?
I tried:
Setting up http server using python -m http.server,
add my IP to redirect uri list in dev page & generate a invite link containing redirect to my IP.
But I didn't get redirected to my http server after inviting my bot using that link,
and nothing got printed on the http server console either.
Things to note:
A. Don't reveal your client secret or your bot token for any purpose. If you do so, immediately regenerate them from the developer portal.
B. Code and token have different meanings in the answer below.
C. This is not for absolute beginners and you are expected to have a general understanding of web requests(specifically GET and POST requests). You might also need to host the site handling redirect URL.
D. This does not cover security issues in any shape, way or form.
In the bot tab of the developer portal, enable the REQUIRES OAUTH2 CODE GRANT option. This prevents the bot from joining a server unless step 4 is completed.
Then use the OAuth tab to generate an OAuth URL with identity and bot scopes. This is important to get user info in step 5.
When someone visits the URL, logs in, and selects a server, they are redirected to your redirect URL. This URL receives a single-use code as URL parameter ie the URL will be <base_url>&code={code}<other stuff>. It is up to you (and probably outside the scope of any SO answer; google is your friend here) to set up a web server and handle requests.
This code can then be used to get a token. This link explains how to exchange code for token. It involves sending a post request with your application's client id and secret. Both are available from discord's developer portal. The response will also have information about the guild along with the token in fields "guilds" and "access_token" respectively.
Send a get request to https://discord.com/api/v9/users/#me with a header containing Authorization: Bearer ${token} where the token is obtained in step 4. The response is in JSON format and contains user data specified here. Note: The link above is for the latest API version v9 which may change in future versions.
Edit:
It is possible to manually modify the URL to remove identity scope from URL. The bot would still join the server as long as you make a request to exchange the code for the token. In this case, the request to /users/#me would fail and you would have no access to the user object. It should be easy to make the bot leave the server if the request fails with the status code corresponding to unauthorized.
I am trying to Authorize via OAuth with Trello and I can't seem to get it right, even in postman.
I have followed their API docs and have got myself a developer key and I have used a little link they have in this article to get a valid auth token.
I tried including the API key and Auth token in the header and (in a separate test) in the body, as per their documentation.
Everything I try results in "unauthorized permission requested".
What am I doing wrong?
Ok so I had obviously made a mistake when trying the Header route.
It works now if I provide a header key called Authorization and the API key and Auth Token in the following format OAuth oauth_consumer_key="{{apiKey}}", oauth_token="{{apiToken}}".
I want to get user profile for which I am using OAuth. http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html
I have retreived the access token and now finally I need to call yahoo api by making a GET request according to http://developer.yahoo.com/oauth/guide/oauth-make-request.html#
The GET request I am sending is:-
http://social.yahooapis.com/v1/user/KMDUY7SWWTJOX4AS3XR47PNLQU/profile?format=json
&realm="yahooapis.com"
&oauth_consumer_key=my key
&oauth_nonce=24829.2331
&oauth_signature_method=plaintext
&oauth_timestamp=1219450170
&oauth_token=whole token here
&oauth_version=1.0
&auth_signature="consumer secret + token secret"
When I am sending this request it is giving me this error:-
{"error":{"lang":"en-US","description":"Please provide valid credentials. OAuth oauth_problem=\"token_rejected\", realm=\"yahooapis.com\""}}
Thankyou for your time and consideration.
I was having this issue for a while and then eventually I figured out that Yahoo! puts A= at the beginning of all of their access tokens in their response, but that is not actually part of the access token, so you should be sure to remove that part before responding back to Yahoo!
I hope this helps someone else that stumbles upon this page in the future.
probably in your case the issue is related with the protocol. You should use https when calling the Yahoo! API.
As they say in the Yahoo documentation here:
For requests to Yahoo API and Web services that require OAuth
authorization, you must use the HMAC-SHA1 encryption method because
requests are made insecurely using HTTP.
I am trying to build an application that would fetch the events from a user's Google calendar. Once I get the authorization code which the user is given and asked to enter in another page, I try to exchange it for access_token. But I get an error in the post request I am sending to retrieve the token.
client_id=encodeURIComponent("id.apps.googleusercontent.com");
client_secret=encodeURIComponent("secret.apps.googleusercontent.com");
$.post("http://accounts.google.com/o/oauth2/token/code="+auth_code
+"&client_id="+client_id+"&client_secret="+client_secret
+"&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code",
function(response){
console.log('Response = '+ response);
}
);
Can someone tell me the error in the post request?
You need to look at the response coming back for the error reason. This appears to be jQuery code, so you could look under the Network tab in Chrome Developer Tools (View, Developer, Developer Tools, Network) to see the HTTP response.
That said, unless you're using jQuery in a server-side environment, you're using the wrong OAuth flow. You should be using the implicit/javascript flow, where you don't need to get an authorization code or exchange it-- you immediately get an access token returned in the hash fragment of your URL:
OAuth2UserAgent
Please clarify your question more with language/environment/objective.
Hoping someone can help me out here. I'm using Google Contacts API to fetch a list of contacts. To my understanding, this is done by sending a GET request:
https://www.google.com/m8/feeds/contacts/default/full?alt=json&max-results=9999&oauth_token=OATH_TOKEN_HERE
However, this is wildly insecure as any intruder can gain access to the oauth_token in the URL. To combat this, I'm trying to send this as a POST request with my parameters (alt, max-results, oauth_token) as the data. However, I simply get an error that "Authorization is required". I've tried adding "Authorization: OAuth" to my headers but to no avail (get an error that authorization type is not recognized).
Any advice? I need a secure way to send the oauth token to Google such that my security software won't complain about a security hole in my program ...
Thanks!
To answer your question directly, even though security is irrelevant as you are using HTTPS, you cannot POST to Google to get a list of contacts. Google requires you use Get.
The proper formatting for authorization (Because you can still use a Get and not pass the oauth_token as a query string is to use an HTTP Header formatted:
Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
Using OAuth 2.0 to Access Google APIs