Merge pull request #112 from Nimon77/scope-fix

Fix error 400 bad request when application is in team
breqdev · Jul 27, 2022 · cfe94fa · cfe94fa
2 parents 0174e2d + eeded60
commit cfe94fa
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/docs/botsetup.rst b/docs/botsetup.rst
@@ -110,7 +110,20 @@ You need to provide Discord with your public URL so they can send you interactio
 
 Click the "Save Changes" box at the bottom. Note that if your bot is not configured properly, the Developer Portal will not allow you to save the URL.
 
+If your application is in a team
+--------------------------------
+
+When your app is in a team you can't use the ``applications.commands.permissions.update`` scope, team applications are limited to the ``identify`` and ``applications.commands.update`` scopes, because teams are not bound to a specific user.
+https://discord.com/developers/docs/topics/oauth2#client-credentials-grant
+
+You can override scopes with
+
+.. code-block:: python
+
+        app.config["DISCORD_SCOPE"] = "applications.commands.update"
+
+
 That's all!
 -----------
 
-At this point, you should be able to use Slash Commands and receive a response from your bot. If you have any issues, `you know where to put them <https://github.com/Breq16/flask-discord-interactions/issues>`_!
+At this point, you should be able to use Slash Commands and receive a response from your bot. If you have any issues, `you know where to put them <https://github.com/Breq16/flask-discord-interactions/issues>`_!
diff --git a/flask_discord_interactions/discord.py b/flask_discord_interactions/discord.py
@@ -324,6 +324,7 @@ def init_app(self, app):
         app.config.setdefault("DISCORD_CLIENT_ID", "")
         app.config.setdefault("DISCORD_PUBLIC_KEY", "")
         app.config.setdefault("DISCORD_CLIENT_SECRET", "")
+        app.config.setdefault("DISCORD_SCOPE", "applications.commands.update applications.commands.permissions.update")
         app.config.setdefault("DONT_VALIDATE_SIGNATURE", False)
         app.config.setdefault("DONT_REGISTER_WITH_DISCORD", False)
         app.discord_commands = self.discord_commands
@@ -349,7 +350,7 @@ def fetch_token(self, app=None):
         if app.config["DONT_REGISTER_WITH_DISCORD"]:
             app.discord_token = {
                 "token_type": "Bearer",
-                "scope": "applications.commands.update applications.commands.permissions.update",
+                "scope": app.config["DISCORD_SCOPE"],
                 "expires_in": 604800,
                 "access_token": "DONT_REGISTER_WITH_DISCORD",
             }
@@ -361,7 +362,7 @@ def fetch_token(self, app=None):
             app.config["DISCORD_BASE_URL"] + "/oauth2/token",
             data={
                 "grant_type": "client_credentials",
-                "scope": "applications.commands.update applications.commands.permissions.update",
+                "scope": app.config["DISCORD_SCOPE"],
             },
             headers={"Content-Type": "application/x-www-form-urlencoded"},
             auth=(app.config["DISCORD_CLIENT_ID"], app.config["DISCORD_CLIENT_SECRET"]),