guilds.join restrictions

[ghost]

Description

Limit OAuth guilds.join scope to ask for permission via /oauth2/authorize for each guild.
Otherwise, an application can ask for whitelisting to request guilds.join for any guild / multiple (possibly unspecified) guilds.

Why This is Needed

There have been way too many "giveaway" bots tricking users into granting them guilds.join and then adding users to guilds without their express consent. Many of said users are confused and often scared, and don't know what's happening or how to stop it.

Alternatives Considered

• Trusting developers to not abuse permissions. Obviously, this doesn't work.
• Educating users, letting them know not to give permissions to sketchy bots, or that "free nitro" doesn't exist.
• Better ways to report malicious applications. (I still would like to see this, but it doesn't exist yet so I'm posting this idea as well)

[muddyfish]

My bot actually has a legitimate usecase for joining multiple servers with one authentication: it has a web form where you select some emojis and the bot creates servers for them
If there's more than 50 emojis selected, it needs to create more than one server. The bot also says how many servers you'll join through it ahead of time.

[ghost]

ah! that's pretty cool. i was sure someone had a good use for it, which is why i did mention the option of being whitelisted for adding the user to any guild. (i also just clarified in an edit)
yeah, whitelisting is annoying, but privileged intents are already a thing so ¯_(ツ)_/¯

[AnotherCat]

I think this is a good idea
An idea for how to implement asking per guild:

A new scope guild.join, or something like that where you specify the guild's id, a parameter named join_guild_id which then displays the guild information (like when you view an invite somewhere in the oauth flow.
This would then either add the user to that guild, or allow you to add the user to the guild as normal.

The main problem i can see with this is when the guild doesn't exist at the time of authorisation.

The guilds.join should then have a specific warning. Approval for use of guilds.join at scale could also be an option.

The main thing that i don't like at the moment it's that you don't need to give permission per guild, you're trusting that the bot will only add you when you give permission somewhere their side.

[AnotherZane]

Perhaps this could be avoided by introducing something client side.

Eg. A nagbar when you are viewing a guild you were added to, saying something like:
You were added to this guild by X. Click here to unauthorize this application.

Maybe even being able to report the application via said nagbar if the join wasn't authorized by the user. Ideally this would stay till the user dismisses it manually.

Another alternative could be some sort of authorization system built into the client itself but not sure how this would work for offline members.