Send a dm to user after bot/app has been added/authorized? (user install)
I would like the process of adding my bot to go something like this:
1. Lets say I send the bot authorization link to one of my friends, to showcase it (https://discord.com/oauth2/authorize?client_id=xxxxxx)
2. They click on the link and authorize it, and upon getting back to Discord they will receive a DM like:
3. And then they can execute those commands as they wish.
How could I achieve this? Does there exist a call that happens when a user authorizes the bot? My initial thought was that this does not exist, but maybe I could use oauth redirects, however I ran into problems there too.
This link redirects correctly, with a code that looks like this "Mz9AVQsPphK3uqdTZcxUL2kJaEDH46", I am not quite sure what to do with it, but either way, when response_type is "code", the app actually doesn't get authorized.
However if the response type is "token", redirection works, and the app does actually get authorized, but from my understanding it is limited to 7 days. In my case this might be alright though.
So now after redirecting, I can get the access_token, and in theory, if I also add the
identify scope, I should be able to get user information with the Discord API. However this returns message 401. Having the identify scope alone works fine, however together with applications.commands. Doesn't work.28 Replies
- What's your exact discord.js
npm list discord.js and node node -v version?
- Not a discord.js issue? Check out #other-js-ts.
- Consider reading #how-to-get-help to improve your question!
- Explain what exactly your issue is.
- Post the full error stack trace, not just the top part!
- Show your code!
- Issue solved? Press the button!There is no way to tell when someone installs your app (as of yet)
But is redirects supposed to not work like that? Like applications.commands+identify does not work, and response_type=code doesnt authorize the app properly.
application.commands just allows you to add commands to guilds
It has nothing to do it, only way i can think of telling is when someone uses your app, you can check the "authorizing_integration_owners" field of the interaction (asuming you are not using djs and have plain api data)
https://discord.com/developers/docs/interactions/receiving-and-responding#interaction-object-authorizing-integration-owners-objectBy adding applications.commands to the scope it adds 2 items to the list of what the app will be allowed to do "Send you direct messages (without having to share servers)" and "Create commands".
The reason I want to add both applications.commands and identify to the scope, is because when you authorize an app as user install here on discord, it does not appear in the direct messages tab. You have to first interact with it. I would like the bot to interact with the user when it authorizes the app, giving the user an easier time, instead of making the user try to find the bot by going to discord.com/users/<bots id>
It can only do that for a user install
But no, its not unprompted DMs
Its the ability to respond to slash commands in your DMs without sharing a server
As far as I'm aware anyway
Their query is to tell when someone installs their app as an user app (if i am understanding it correctly), which discord doesn't provide a way for (yet), unless the user (who installed the app) interacts with it
Yes, that is what I wish to achieve.
Yes, thats what I'm also saying
And as far as I know, you can only tell when someone uses your bot's command as an user app, there's not gayeway event for when someone installs your bot (or similar method) as of yet
If the bot has the user id, it has the ability to send the user DMs without the user first sending something. The only thing I really need is the users ID upon adding it, but I suppose that is not possible yet. Sad
I'm not sure that's correct
Have you tested it?
Yeah that's not correct (needs to share servers to send messages)
Because if so, the user id from the identify is all you'd need
And I dont understand what the issue is
I have tested it, and it does work. If the bot has the scope set to
applications.commands, it will be given the permissions to "Create commands" and "Send you direct messages (without sharing servers)". And if the user authorizes this, the bot, if it has the users ID, will be able to send the user DMs, without the user sending anything first.
Exactly, but the problem is that, combining applications.commands with identity does not work. The token does not work, and if response_type is set to code, it does not get authorized. Setting scope to just identity does make the token work, but I need applications.commands scope for the bot to be able to DM the user.What token are you talking about here?
identify is an OAuth2 workflow
If response_type is set to token, it will redirect, and you will get the bearer token in the link after the hashtag. However this token does not work when trying to receive data using discords api.
Yes I know, and using identify alone as the scope, does work. You get the bearer token, and you can send a request to discords api server, and you get the information you need. However combining identify with applications.commands, make the token not work anymore. It just returns 401.
Its not a bot token if thats what you mean? You cant login with it
I know, you can do this with it:
curl -H "Authorization: Bearer <token>" https://discord.com/api/users/@me
And you get a json response with all information you need. It works only if applications.commands is not a part of the scope.
That should not be the case
Yeah, cant replicate. Just generated a token with both scopes set and it worked
How does your link look like?
Is it like this?
yes
(though you should use the full code grant for better security)
But for the quick test I used the token response type
Really weird, and if you go to authorized apps you see the app there with the correct permissions?
When you say full code grant, you mean the response_type=token part? To be response_type=code?
Because if I do that, the app just redirects, and never gets authorized, could you also test that?
...okay, it still authorises, but now the token isnt working. So you might be onto something and I have no idea how it worked previously
Ok I checked around and you are right, it is indeed correct (mb there), though I would suggest you ask in ddevs servers #useful-servers as it is more of an OAuth2 question than djs's and they maybe able to help you better, or somewhere here might
I think I also got it working once just now, but trying to recreate it gives me no luck.
Alright thank you I will give it a shot there.
But you got
response_type=code working fine right? Because I initially thought that there was a bug with it, I thought when you clicked authorize it should just automatically authorize the bot to your account, but you first need to take that code and POST it to the discord api, and that makes it actually authorized and gives you the token. And then further use this token to get the information about the user. This token has worked for me so far, has it worked for you too?No, I didnt try to implement code, takes longer
My bot was already authorised for the user context which might be why the token flow worked
the client_credentials code grant is a much more secure option and is the better way to impelment OAuth2, thats why I recommended it
I see. Thank you, I have gotten it working now. Using
response_type=token still doesn't seem to work, however response_type=code works just fine. And that is what is preferable anyways. So thank you for the help.