How to correctly use get a user's guilds?

[chrisdewa]

I was able to login and redirect and get the user response object and code.

How can i get more info from discord?

imports...

app = FastAPI()

scopes = ('identify', 'guilds')
discord_client = DiscordOAuthClient(client_id, client_secret, redirect_uri, scopes=scopes)

@app.get('/login')
async def start_login():
    return discord_client.redirect()


@app.get('/callback')
async def finish_login(request: Request, code: str):
    user = await discord_client.login(code)
    user['code'] = code
    user_id = user['id']
    request.session[user_id] = user
    return RedirectResponse(f'/users/{user_id}/guilds')

@app.get('/users/{user_id}/guilds')
async def user_guilds(request: Request, user_id: str):
    user = request.session.get(user_id)
    print(user)
    async with discord_client.session(user['code']) as session:
        return await session.guilds()

app.add_middleware(SessionMiddleware, secret_key=secrets.token_urlsafe(64))

The code above works all the way until user_guilds as i'm getting an "invalid code" error.
How should i save the session so i can actually use it to get the user's guilds info?

[nwunderly]

client.login() is just a "one-shot" shortcut for the session.identify() method with internal session handling, after which it kills the session:

    async def login(self, code):
        """Shorthand for session setup + identify()"""
        async with self.session(code) as session:
            user = await session.identify()
        return user

Since a code can only be used once, the new session's attempt to get the user's guilds with the same code will throw that error. In order to make multiple API requests, you're going to want to use identify() within your async with context manager, the same way you're using session.guilds() now. Perhaps something like this:

@app.get('/callback')
async def finish_login(request: Request, code: str):
    async with discord_client.session(code) as session:
        user = await session.identify()
        guilds = await session.guilds()

    request.session['user'] = user
    request.session['guilds'] = guilds
    user_id = user['id']
    return RedirectResponse(f'/users/{user_id}/guilds')

@app.get('/users/{user_id}/guilds')
async def user_guilds(request: Request, user_id: str):
    user = request.session.get('user')
    guilds = request.session.get('guilds')
    print(user)
    return guilds

Note that, in addition to this only using the code once, I'm not storing the user data based on id. The whole point of session middleware, what makes it useful, is that the session (as an attribute of Request) is guaranteed to be unique per user. So you can put a user's info under keys like "guild" and "user" and a user will only see their own data.

This also means you don't need the user_id path parameter. I left it in the code, but you could just do /users/guilds and the session middleware will handle identifying the user who it applies to.

[chrisdewa]

I see! Thanks for the help. Still! I keep thinking that the session depends on the code you get on callback but you don't retrieve the access token for future requests.

The dev docs say you can use the "https://discord.com/api/oauth2/token" url to retrieve a token for future requests to discord API.

Perhaps there should be a method in DiscordOAuthClient to construct a sesison with that token, this way you should be able to store the credentials in a secure database, right?

[nwunderly]

the session automatically handles the token, thats what the async with context manager is doing. and as for storing it, it's intended to be used temporarily. I believe the access token actually expires a few minutes after being granted, which is why I designed the lib with only temporarily using a session in mind.

you're free to make login sessions last longer with the session middleware, or store the user's data obtained from the api, but oauth tokens/sessions aren't supposed to be persisted.

[chrisdewa]

I see! Thanks for the answer! I see no need to persist it longer then.

[chrisdewa]

I see

async def __aenter__(self):
        await super().__aenter__()

        url = API_URL + '/oauth2/token'

        self._discord_token = await self.fetch_token(
            url,
            code=self._discord_auth_code,
            client_secret=self._discord_client_secret
        )

        return self

I don't know why I didn't see this first. But that's also why i wanted to ask before rasing an issue :P

Thanks a gain