Wrong OAuth2 scopes for some paths
Chaosdave34 opened this issue · 4 comments
The `list_guild_application_command_permissions`, `get_guild_application_command_permissions`, `set_guild_application_command_permissions` and `get_my_oauth2_authorization` operations have all scopes listed for OAuth2 instead of the ones actually required.
Example:

```json
"get": {
  "operationId": "get_guild_application_command_permissions",
  "responses": {
    "200": {
      "description": "200 response for get_guild_application_command_permissions",
      "content": {
        "application/json": {
          "schema": {
            "$ref": "#/components/schemas/CommandPermissionsResponse"
          }
        }
      }
    },
    "4XX": {
      "$ref": "#/components/responses/ClientErrorResponse"
    }
  },
  "security": [
    {
      "BotToken": []
    },
    {
      "OAuth2": [
        "activities.read",
        "activities.write",
        "applications.builds.read",
        "applications.builds.upload",
        "applications.commands",
        "applications.commands.permissions.update",
        "applications.commands.update",
        "applications.entitlements",
        "applications.store.update",
        "bot",
        "connections",
        "dm_channels.read",
        "email",
        "gdm.join",
        "guilds",
        "guilds.join",
        "guilds.members.read",
        "identify",
        "messages.read",
        "relationships.read",
        "role_connections.write",
        "rpc",
        "rpc.activities.write",
        "rpc.notifications.read",
        "rpc.screenshare.read",
        "rpc.screenshare.write",
        "rpc.video.read",
        "rpc.video.write",
        "rpc.voice.read",
        "rpc.voice.write",
        "voice",
        "webhook.incoming"
      ]
    }
  ]
}
```
`get_my_oauth2_authorization` doesn't require specific scopes. We'll look into the application command permission endpoints though.
Fixed in b85f4db
discord-api-spec/specs/openapi.json
Lines 761 to 788 in b85f4db
Checked the specs again. `get_my_oauth2_authorization` seems to still have all OAuth2 scopes listed.
that's intentional, as yoni said:

> `get_my_oauth2_authorization` doesn't require specific scopes.

a token with any scope(s) can be used for that endpoint
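An added example, not part of the original thread or the project's own tooling: a check over an OpenAPI 3 document that reports operations whose OAuth2 security requirement lists every scope the scheme defines, which is the pattern reported in this issue. The sample spec, its paths, URLs, four-scope scheme and `example_narrowed_operation` are constructed for illustration.

```python
import json
import sys

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def defined_scopes(spec, scheme="OAuth2"):
    """Every scope declared across the flows of one oauth2 security scheme."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    flows = schemes.get(scheme, {}).get("flows", {})
    return {scope for flow in flows.values() for scope in flow.get("scopes", {})}

def operations_listing_all_scopes(spec, scheme="OAuth2"):
    """operationIds whose requirement for `scheme` names every defined scope."""
    every = defined_scopes(spec, scheme)
    flagged = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue
            # Operation-level "security" overrides the document-level default.
            requirements = op.get("security", spec.get("security", []))
            if every and any(set(r.get(scheme, ())) >= every for r in requirements):
                flagged.append(op.get("operationId", f"{method.upper()} {path}"))
    return sorted(flagged)

# Constructed sample (not the real spec): four scopes, placeholder paths and URLs.
SAMPLE_SCOPES = ["applications.commands", "applications.commands.permissions.update",
                 "email", "identify"]

def make_op(op_id, oauth_scopes):
    return {"operationId": op_id,
            "security": [{"BotToken": []}, {"OAuth2": oauth_scopes}]}

SAMPLE_SPEC = {
    "components": {"securitySchemes": {"OAuth2": {"type": "oauth2", "flows": {
        "authorizationCode": {"authorizationUrl": "https://example.invalid/authorize",
                              "tokenUrl": "https://example.invalid/token",
                              "scopes": {s: "" for s in SAMPLE_SCOPES}}}}}},
    "paths": {
        "/constructed/a": {"get": make_op("get_guild_application_command_permissions", SAMPLE_SCOPES)},
        "/constructed/b": {"get": make_op("get_my_oauth2_authorization", SAMPLE_SCOPES)},
        # Hypothetical operation with a narrowed scope list, for contrast.
        "/constructed/c": {"put": make_op("example_narrowed_operation", SAMPLE_SCOPES[1:2])},
    },
}

if __name__ == "__main__":
    spec = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SPEC
    print("\n".join(operations_listing_all_scopes(spec)))
```

Passing a path to a spec file as the first argument runs the same check on that file; flagged operations still need a manual decision on whether the full list is intended.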