Send a dm to user after bot/app has been added/authorized? (user install)

I would like the process of adding my bot to go something like this: 1. Lets say I send the bot authorization link to one of my friends, to showcase it (https://discord.com/oauth2/authorize?client_id=xxxxxx) 2. They click on the link and authorize it, and upon getting back to Discord they will receive a DM like:
Hello and thank you for adding this bot, with this bot you can check the weather in any country you wish! Using these simple commands:
/help - will give you this message
/weather <country code> - displays that country's current weather
/weather <country code> <date> - displays that country's weather at that date and time
/etc
Hello and thank you for adding this bot, with this bot you can check the weather in any country you wish! Using these simple commands:
/help - will give you this message
/weather <country code> - displays that country's current weather
/weather <country code> <date> - displays that country's weather at that date and time
/etc
3. And then they can execute those commands as they wish. How could I achieve this? Does there exist a call that happens when a user authorizes the bot? My initial thought was that this does not exist, but maybe I could use oauth redirects, however I ran into problems there too.
https://discord.com/oauth2/authorize?client_id=xxxx&response_type=code&redirect_uri=https%3A%2F%2Fexample.com&integration_type=1&scope=applications.commands
https://discord.com/oauth2/authorize?client_id=xxxx&response_type=code&redirect_uri=https%3A%2F%2Fexample.com&integration_type=1&scope=applications.commands
This link redirects correctly, with a code that looks like this "Mz9AVQsPphK3uqdTZcxUL2kJaEDH46", I am not quite sure what to do with it, but either way, when response_type is "code", the app actually doesn't get authorized.
https://discord.com/oauth2/authorize?client_id=xxxx&response_type=token&redirect_uri=https%3A%2F%2Fexample.com&integration_type=1&scope=applications.commands
https://discord.com/oauth2/authorize?client_id=xxxx&response_type=token&redirect_uri=https%3A%2F%2Fexample.com&integration_type=1&scope=applications.commands
However if the response type is "token", redirection works, and the app does actually get authorized, but from my understanding it is limited to 7 days. In my case this might be alright though. So now after redirecting, I can get the access_token, and in theory, if I also add the identify scope, I should be able to get user information with the Discord API. However this returns message 401. Having the identify scope alone works fine, however together with applications.commands. Doesn't work.
28 Replies
d.js toolkit
d.js toolkit6mo ago
- What's your exact discord.js npm list discord.js and node node -v version? - Not a discord.js issue? Check out #other-js-ts. - Consider reading #how-to-get-help to improve your question! - Explain what exactly your issue is. - Post the full error stack trace, not just the top part! - Show your code! - Issue solved? Press the button!
NyR
NyR6mo ago
There is no way to tell when someone installs your app (as of yet)
Alcinzal
AlcinzalOP6mo ago
But is redirects supposed to not work like that? Like applications.commands+identify does not work, and response_type=code doesnt authorize the app properly.
NyR
NyR6mo ago
application.commands just allows you to add commands to guilds It has nothing to do it, only way i can think of telling is when someone uses your app, you can check the "authorizing_integration_owners" field of the interaction (asuming you are not using djs and have plain api data) https://discord.com/developers/docs/interactions/receiving-and-responding#interaction-object-authorizing-integration-owners-object
Alcinzal
AlcinzalOP6mo ago
By adding applications.commands to the scope it adds 2 items to the list of what the app will be allowed to do "Send you direct messages (without having to share servers)" and "Create commands". The reason I want to add both applications.commands and identify to the scope, is because when you authorize an app as user install here on discord, it does not appear in the direct messages tab. You have to first interact with it. I would like the bot to interact with the user when it authorizes the app, giving the user an easier time, instead of making the user try to find the bot by going to discord.com/users/<bots id>
monbrey
monbrey6mo ago
It can only do that for a user install But no, its not unprompted DMs Its the ability to respond to slash commands in your DMs without sharing a server As far as I'm aware anyway
NyR
NyR6mo ago
Their query is to tell when someone installs their app as an user app (if i am understanding it correctly), which discord doesn't provide a way for (yet), unless the user (who installed the app) interacts with it
Alcinzal
AlcinzalOP6mo ago
Yes, that is what I wish to achieve.
monbrey
monbrey6mo ago
Yes, thats what I'm also saying
NyR
NyR6mo ago
And as far as I know, you can only tell when someone uses your bot's command as an user app, there's not gayeway event for when someone installs your bot (or similar method) as of yet
Alcinzal
AlcinzalOP6mo ago
If the bot has the user id, it has the ability to send the user DMs without the user first sending something. The only thing I really need is the users ID upon adding it, but I suppose that is not possible yet. Sad
monbrey
monbrey6mo ago
I'm not sure that's correct Have you tested it?
NyR
NyR6mo ago
Yeah that's not correct (needs to share servers to send messages)
monbrey
monbrey6mo ago
Because if so, the user id from the identify is all you'd need And I dont understand what the issue is
Alcinzal
AlcinzalOP6mo ago
I have tested it, and it does work. If the bot has the scope set to applications.commands, it will be given the permissions to "Create commands" and "Send you direct messages (without sharing servers)". And if the user authorizes this, the bot, if it has the users ID, will be able to send the user DMs, without the user sending anything first. Exactly, but the problem is that, combining applications.commands with identity does not work. The token does not work, and if response_type is set to code, it does not get authorized. Setting scope to just identity does make the token work, but I need applications.commands scope for the bot to be able to DM the user.
monbrey
monbrey6mo ago
What token are you talking about here? identify is an OAuth2 workflow
Alcinzal
AlcinzalOP6mo ago
If response_type is set to token, it will redirect, and you will get the bearer token in the link after the hashtag. However this token does not work when trying to receive data using discords api. Yes I know, and using identify alone as the scope, does work. You get the bearer token, and you can send a request to discords api server, and you get the information you need. However combining identify with applications.commands, make the token not work anymore. It just returns 401.
monbrey
monbrey6mo ago
Its not a bot token if thats what you mean? You cant login with it
Alcinzal
AlcinzalOP6mo ago
I know, you can do this with it: curl -H "Authorization: Bearer <token>" https://discord.com/api/users/@me And you get a json response with all information you need. It works only if applications.commands is not a part of the scope.
monbrey
monbrey6mo ago
That should not be the case Yeah, cant replicate. Just generated a token with both scopes set and it worked
Alcinzal
AlcinzalOP6mo ago
How does your link look like?
https://discord.com/oauth2/authorize?client_id=xxxx&response_type=token&redirect_uri=https%3A%2F%2Fexample.com&integration_type=1&scope=applications.commands+identify
https://discord.com/oauth2/authorize?client_id=xxxx&response_type=token&redirect_uri=https%3A%2F%2Fexample.com&integration_type=1&scope=applications.commands+identify
Is it like this?
monbrey
monbrey6mo ago
yes (though you should use the full code grant for better security) But for the quick test I used the token response type
Alcinzal
AlcinzalOP6mo ago
Really weird, and if you go to authorized apps you see the app there with the correct permissions? When you say full code grant, you mean the response_type=token part? To be response_type=code? Because if I do that, the app just redirects, and never gets authorized, could you also test that?
monbrey
monbrey6mo ago
...okay, it still authorises, but now the token isnt working. So you might be onto something and I have no idea how it worked previously
NyR
NyR6mo ago
Ok I checked around and you are right, it is indeed correct (mb there), though I would suggest you ask in ddevs servers #useful-servers as it is more of an OAuth2 question than djs's and they maybe able to help you better, or somewhere here might
Alcinzal
AlcinzalOP6mo ago
I think I also got it working once just now, but trying to recreate it gives me no luck. Alright thank you I will give it a shot there. But you got response_type=code working fine right? Because I initially thought that there was a bug with it, I thought when you clicked authorize it should just automatically authorize the bot to your account, but you first need to take that code and POST it to the discord api, and that makes it actually authorized and gives you the token. And then further use this token to get the information about the user. This token has worked for me so far, has it worked for you too?
monbrey
monbrey6mo ago
No, I didnt try to implement code, takes longer My bot was already authorised for the user context which might be why the token flow worked the client_credentials code grant is a much more secure option and is the better way to impelment OAuth2, thats why I recommended it
Alcinzal
AlcinzalOP6mo ago
I see. Thank you, I have gotten it working now. Using response_type=token still doesn't seem to work, however response_type=code works just fine. And that is what is preferable anyways. So thank you for the help.
Want results from more Discord servers?
Add your server