Skip to content

Commit 29d5d71

Browse files
dycdyc
authored
[sdk] reorder some more public and confidential clients (#7879)
i missed a couple spots in #7877
1 parent 1a41c02 commit 29d5d71

File tree

1 file changed

+38
-38
lines changed

1 file changed

+38
-38
lines changed

docs/discord-social-sdk/development-guides/account-linking-with-discord.mdx

Lines changed: 38 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -106,8 +106,6 @@ Once the user approves the request from Step 2, Discord will redirect the user b
106106
107107
### Step 4: Exchanging the Authorization Code for an Access Token
108108
109-
#### Token Exchange for Public Clients
110-
111109
#### Server-to-Server Get Token Exchange
112110
113111
If your application uses a backend server and does **not** have `Public Client` enabled, you can manually exchange the authorization code for an access token using the Discord API.
@@ -143,6 +141,8 @@ def exchange_code(code, redirect_uri):
143141
}
144142
```
145143

144+
#### Token Exchange for Public Clients
145+
146146
<PublicClient />
147147

148148
If your app does not have a backend server, enable `Public Client` in the Discord Developer Portal and use [`Client::GetToken`] to automatically exchange the authorization code for a token.
@@ -182,6 +182,28 @@ client->UpdateToken(discordpp::AuthorizationTokenType::Bearer, ACCESS_TOKEN_VALU
182182

183183
Access tokens expire after 7 days, requiring refresh tokens to get a new one.
184184

185+
### Server-to-Server Token Refresh
186+
187+
If you're handling authentication on your server, send an API request to refresh the token.
188+
189+
```python
190+
import requests
191+
192+
API_ENDPOINT = 'https://discord.com/api/v10'
193+
CLIENT_ID = 'YOUR_CLIENT_ID'
194+
CLIENT_SECRET = 'YOUR_CLIENT_SECRET'
195+
196+
def refresh_token(refresh_token):
197+
data = {
198+
'grant_type': 'refresh_token',
199+
'refresh_token': refresh_token
200+
}
201+
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
202+
r = requests.post(f'{API_ENDPOINT}/oauth2/token', data=data, headers=headers, auth=(CLIENT_ID, CLIENT_SECRET))
203+
r.raise_for_status()
204+
return r.json()
205+
```
206+
185207
### Refreshing Access Tokens for Public Clients
186208

187209
<PublicClient />
@@ -206,9 +228,19 @@ client->RefreshToken(
206228
});
207229
```
208230
209-
### Server-to-Server Token Refresh
231+
---
210232
211-
If you're handling authentication on your server, send an API request to refresh the token.
233+
## Revoking Access Tokens
234+
235+
If a user wants to disconnect their Discord account or if a token is compromised, you can revoke access and refresh tokens.
236+
237+
:::warn
238+
When any valid access or refresh token is revoked, all of your application's access and refresh tokens for that user are immediately invalidated.
239+
:::
240+
241+
### Server-to-Server Token Revocation
242+
243+
If your application uses a backend server, you can revoke tokens by making an API request to Discord's token revocation endpoint.
212244
213245
```python
214246
import requests
@@ -217,27 +249,13 @@ API_ENDPOINT = 'https://discord.com/api/v10'
217249
CLIENT_ID = 'YOUR_CLIENT_ID'
218250
CLIENT_SECRET = 'YOUR_CLIENT_SECRET'
219251
220-
def refresh_token(refresh_token):
221-
data = {
222-
'grant_type': 'refresh_token',
223-
'refresh_token': refresh_token
224-
}
252+
def revoke_token(access_or_refresh_token):
253+
data = {'token': access_or_refresh_token}
225254
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
226255
r = requests.post(f'{API_ENDPOINT}/oauth2/token', data=data, headers=headers, auth=(CLIENT_ID, CLIENT_SECRET))
227256
r.raise_for_status()
228-
return r.json()
229257
```
230258

231-
---
232-
233-
## Revoking Access Tokens
234-
235-
If a user wants to disconnect their Discord account or if a token is compromised, you can revoke access and refresh tokens.
236-
237-
:::warn
238-
When any valid access or refresh token is revoked, all of your application's access and refresh tokens for that user are immediately invalidated.
239-
:::
240-
241259
### Revoking Access Tokens for Public Clients
242260

243261
<PublicClient />
@@ -263,24 +281,6 @@ client->RevokeToken(YOUR_DISCORD_APPLICATION_ID,
263281
});
264282
```
265283
266-
### Server-to-Server Token Revocation
267-
268-
If your application uses a backend server, you can revoke tokens by making an API request to Discord's token revocation endpoint.
269-
270-
```python
271-
import requests
272-
273-
API_ENDPOINT = 'https://discord.com/api/v10'
274-
CLIENT_ID = 'YOUR_CLIENT_ID'
275-
CLIENT_SECRET = 'YOUR_CLIENT_SECRET'
276-
277-
def revoke_token(access_or_refresh_token):
278-
data = {'token': access_or_refresh_token}
279-
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
280-
r = requests.post(f'{API_ENDPOINT}/oauth2/token', data=data, headers=headers, auth=(CLIENT_ID, CLIENT_SECRET))
281-
r.raise_for_status()
282-
```
283-
284284
### Handling User Initiated Revocation
285285
286286
Users can unlink their account by removing access to your application on their Discord `User Settings -> Authorized Apps` page.

0 commit comments

Comments
 (0)