Request sensitive data from user via Slash Commands. (Alternative to OAuth)

[InsaneDoggo]

Description

Ability to request sensitive(oauth scoped) data via Slash Commands. "User Connections" or email are good examples of such data.

Possible Implementation. Usecase 1 (Request is optional)

1. Bot sends message: TLDR... cool event for users from Twitch, use /sign_up command to take part

2. User uses command; Interaction goes to Bot via gateway/webhook

3. Bot (e.g. AWS Lambda) determines if user's connections already contains in Database. (Depending on the case result might be processed as deferred response or via Followup Messages).

4. Bot responds:
   4.1. Case A: (DB already has data) Success, finish flow.
   4.2. Case B: (DB has no data) Bot asks user to provide connections by showing clarification prompt directly or in response to user's action i.e. previously showing message like We need info about your Twitch acc, [Share Connections](link_styled_action_to_show_dlg) please!

5. User takes action:
   5.1. Case A: User decline -> finish flow.
   5.2. Case B: User accept -> Interaction with connections goes to Bot.

Possible Implementation. Usecase 2 (Requesting always)

1. Somewhere in "Info Channel": Blabla... you can [Share Connections](link_styled_action_to_show_dlg) connections to be ready for cool stuff..
2. User clicks on link_styled_action
3. Clarification prompt...
4. User takes action:
   4.1. Case A: User decline -> finish flow.
   4.2. Case B: User accept -> Interaction with connections goes to Bot.

Why This is Needed

Currently to access some sensitive data we have to ask user to go through OAuth flow to get scoped token.
It works fine for case when we need constant access to resource i.e. we can request data at any time while token is valid.

There are cases, where it's enough to request data only once, OAuth still valid solution, but it looks like overkill:

1. Some users bothers of trip to browser as well as OAuth flow:

Sometimes it looks like this:

2. As of developers, it might be critical to expose public IP (via redirect url). Especialy for indie devs. (e.g. AWS free tier protection doesn't cover all cases, same for other services)

Benefits of proposed feature:

1. User stays in native client.

2. No need to expose IP.

3. Such simplification perfectly aligns to Slash Commands idea of new world (e.g. ability to interact with an application without needing a bot user)

4. Profit

[ghost]

There's already a way to show the OAuth flow in the Discord client (RPC) - it'd be cool to have a setting on a slash command so that it requires the application to be authorized with a certain OAuth scope before the command can be ran.

[JDJGInc]

IT would be cool to not require an entire server for stuff like this, so yeah I agree with this and that way you can agree within the client, or there should be a built in way to the client to invite bots or at least for desktop versions(as it's annoying sometimes to open a window to invite bots.

There's problem a reason why this doesn't exist, but I don't know why you can't do it, is there a specific reason why?