Endpoint for mutual servers with a user

[muddyfish]

Now that a bot's servers can be shown in it's profile, would it be possible to have the same sort of thing be available for bots?

I'm thinking an endpoint such as /users/0/guilds, or a new gateway opcode
Full member objects for each guild would be nice, but aren't required for my particular use case as this is mostly to reduce the amount of state I need to keep.

[Taarek]

This please. This is one of the reasons why I need the members intent.

[AEnterprise]

how exactly does this go against privacy? it is perfectly possible (even without any intents) get this info, you just need to get a list of servers your bot is in (gateway send you all of them after you identify) then just use the get guild member endpoint (or request over the websocket) to know if the user is in said guild or not

oauth on the other hand gives a full list of servers the user is in, including the ones your bot is not in

[msciotti]

What is the use case in particular?

[23brewert]

My use case would be so that I do not have to loop through the thousands of servers my bot is in to ban a blacklisted user.
[my bot is apart of a blacklist program that checks users against our blacklist]

[Skye-31]

I could see various use cases, for example when a bot is sharded across multiple physical servers, it takes longer to communicate between each or not be possible at all; a dashboard that isn't linked to the bot could make that request to view the guilds without requiring a system to query it. I definitely agree that this should be a feature.

[Taarek]

A bot dashboard is my use case..

I've personally never been a fan of the guilds scope, because it gives people info about guilds their bot is not even in. And I don't feel very comfortable putting other people in that position either.

So atm, I rely on the GUILD_MEMBERS privileged feature to iterate through guild members and see if x ID is in there. Even if it's not possible to provide full guild objects, partial works fine for my use case as well.

[muddyfish]

At the moment, my use cases are a bot dashboard as well as certain features which depend on the other servers a user is in to determine functionality.
For my particular case, I need to know the mutual guilds without oauth, so even using the guilds scope is out of the question.
For me, either a rest endpoint or a gateway opcode would help, as I need to do this with relative frequency, but not with a majority of my users to make it worth caching everyone if I don't need to

[Skye-31]

For me, either a rest endpoint or a gateway opcode would help, as I need to do this with relative frequency, but not with a majority of my users to make it worth caching everyone if I don't need to

I think a rest endpoint would be better, as dashboard's could be running on a separate process, meaning they don't have access to the gateway.

[msciotti]

So atm, I rely on the GUILD_MEMBERS privileged feature to iterate through guild members and see if x ID is in there.

At the moment, my use cases are a bot dashboard as well as certain features which depend on the other servers a user is in to determine functionality.
For my particular case, I need to know the mutual guilds without oauth, so even using the guilds scope is out of the question.

Sure, I totally understand the technical bits of this. My question is like, what is the feature that you're building (or have built) that you need this to power? It's sometimes hard to evaluate requests on a purely technical basis if we don't understand what you're trying to accomplish.

[muddyfish]

For my dashboard, I need to show a list of servers the user has permissions to manage, to the channel level. At the moment, I cache guilds, channels and members and create a subset of guilds/channels the user is allowed to manage.

In terms of outside the website, I use the mutual servers to work out which emotes are in the servers a user shares with the bot to present them in a default interface without the user needing to interact with the bot otherwise.

[ziad8727]

I would assume something like Taarek's usecase would be that in their dashboard, for example a configuration screen, it would be able to show all guilds that the user can configure and that they share with the bot. That way, you don't have to iterate through any shards (which can be problematic if some are offline) or requiring the user to authorize via OAuth2 the guilds scope. Such a dashboard does not require all the guilds a user is present in

[advaith1]

This feature request is about mutual servers with a user, which are servers that the user shares with the bot

[YodaLightsabr]

This would be extremely useful. Right now, you have to cache all the members, which requires privileged intent. I don't need to download the entire server members list, I just need to find out if a certain user is in the server. This throws everything back with more delays, as my bot is in the middle of getting verified.

[muddyfish]

This would be extremely useful. Right now, you have to cache all the members, which requires privileged intent. I don't need to download the entire server members list, I just need to find out if a certain user is in the server. This throws everything back with more delays, as my bot is in the middle of getting verified.

If you know the server id and member id, you can do this already without either keeping a full cache or the proposed endpoint for giving all the shared servers for a user.

[KSJaay]

Current object for GET /users/@me/guilds:

{
  "id": "80351110224678912",
  "name": "1337 Krew",
  "icon": "8342729096ea3675442027381ff50dfe",
  "owner": true,
  "permissions": "36953089",
  "features": ["COMMUNITY", "NEWS"]
}

Requested object for GET/users/@me/guilds:

{
  "id": "80351110224678912",
  "name": "1337 Krew",
  "icon": "8342729096ea3675442027381ff50dfe",
  "owner": true,
  "permissions": "36953089",
  "features": ["COMMUNITY", "NEWS"],
  "mutual": true
}

While the current endpoint is useful, the only issue is that I only want users to be able to modify servers which they have mutual with the bot. I know I could use GET /guilds/{guild.id}/members/{user.id} using the bot ID and check if the bot is within the guild, but I would then need to go through every single guild the user is in (up to 100). And if there's a lot of users on the dashboard I would most likely hit the rate limit.

[advaith1]

Sounds like you're requesting it for OAuth; it's already pretty easy to do with OAuth so the proper solution to this issue would be just a bot endpoint which takes a user id

[French-Noodles]

I have an issue with that part myself,

GET/users/@me/guilds
Only gets me 199 servers, and the bot is in 292 servers, So a lot of servers cannot be edited on the dashboard that I'm making because the bot does not recognize this server as a mutual server

[JDJGInc]

Either users use stuff built in libs, which well handle .mutual_guilds by cache or you can probably use 0ath2.
Then again if you do this, store ids.
Ids will probably not take as much space as other info.

[JDJGInc]

make sure to delete like before 30 days or whatever discord says btw.

[greysdawn]

This was brought up in a server recently, and I agree that this would be useful for bots. Use case here is a bot that stores user-based configs for individual servers- they want to allow users to import those configs across any accounts they have (or to recreate them if data is lost, etc) for ease, but don't want people to use that to automate the creation of tons of configs by just changing the server IDs. Having a mutual servers option would fix this by allowing the bot to verify what servers a user is in without having to spam the API or use privileged intents

[eunakria]

Is there any update on this feature? The corresponding issue #1612 has been marked as completed but I don't see any such feature in the API docs.

Major libraries like Discord.py offer a simple, naïve implementation of this feature which risk returning incorrect results w/ shards (_guilds is populated here and I'm not sure about the exact behavior but it certainly doesn't look right) and are costly for both the client and API endpoint, while others like Discord.js (which I am using) simply forgo this feature.

My use case is captcha-based verification for guilds, which needs to be done in DMs since at time of verification the member doesn't have permission to send messages to any guild channel.

As such I need to get a list of mutual servers between my bot and the user, and afaik currently the only ways to do that are (1) to keep a cache on my end, shared across all shards, of the members of each guild my bot is in, which is expensive and risks desynchronization, or (2) to use the OAuth guilds scope, which requires explicit user confirmation and a listening webserver, and invades users' privacy as I can see all guilds the user is in, not only mutual ones.

[advaith1]

The corresponding issue #1612 has been marked as completed

When an issue is converted to a discussion it automatically gets marked as closed, this is built in to GitHub and does not mean anything about the state of the requested feature

[eunakria]

Right, I know the issue is always closed but I was confused that it was specifically marked as "completed". I was unaware of this behavior in GitHub, perhaps it was a holdover from when discussions were still in beta? Other issues I see converted to discussions use their own "converted this issue into discussion" message

[jonhoo]

To add another use-case: I'm building a bot that allows users to authenticate to GitHub so that they can get server roles based on their GitHub Sponsorship. The user's link to GitHub is independent of any one server, and they may not even have write permission to any server channels without supporter roles, so it happens in DMs with the bot. When they have authenticated, the bot then needs to update the user's role in any servers whose roles are managed by the bot. While it could do this by walking all the bot's servers, this is obviously costly and slow, and scales poorly as the bot becomes more widely used. If I could get the mutual guilds between the user and the bot, that would give me exactly the list of guilds I need to consider.

[zekepari]

What is the best method to get a bot & user's mutual servers, assuming that we have access to both the OAuth2 Access Token or Bot Token, also considering rate limiting, and no access to gateway?

Current concept:

const guildsRes = await fetch('https://discord.com/api/users/@me/guilds', {
        headers: {
            Authorization: 'Bearer ' + session?.user.access_token
        }
    });

    if (!guildsRes.ok) {
        throw new Error('Failed to fetch guilds');
    };

    const guilds: Array<APIGuild> = await guildsRes.json();
    const ownedGuilds: Array<APIGuild> = guilds.filter(guild => guild.owner === true);

    const fetchGuildPreview = async (guild: APIGuild) => {
        const guildRes = await fetch(`https://discord.com/api/v10/guilds/${guild.id}/preview`, {
            headers: {
                Authorization: 'Bot ' + process.env.DISCORD_BOT_TOKEN,
            }
        });
    
        return await guildRes.json();
    };
    
    const activeGuildsPromises = ownedGuilds.map(guild => fetchGuildPreview(guild));
    const activeGuilds = await Promise.all(activeGuildsPromises);

You can see I get the guilds via access token, condense the guilds down to what the user owns, then I use the bot token too see if it's in the same guilds.

I feel as if this is terribly inefficient, plus, I get rate limited. Like crazy.