2FA requirement support for interactions #4999
Unanswered
PlavorSeol asked this question in API Feature Requests & Ideas
Replies: 0 comments
Background
2FA is a pretty good feature for security. mfa_level (2FA requirement for moderation) is a good feature to encourage (almost force) guild (server) operators to enable 2FA, by requiring it for their duty.
However, almost all moderation bots allow bypassing the 2FA requirement, checking only permissions and roles, probably because there is currently no reasonable way to enforce it without adding extra hassle besides the requirement itself.
Currently it is possible to determine a certain user's 2FA status with the identify OAuth2 scope, but this requires bots to add more hassle which requires users who need to use moderation commands to log in first.
#4175 seems to suggest exposing the user's 2FA status directly to bots as an alternative; however, it seems to be very controversial, and a thing Discord does not want to do.
Proposed solution
Interactions have the capability to validate some of the requirements on the Discord side and deny the access without sending them to the application at all, so why not validate 2FA status in this way?
My proposal is to allow application commands to specify a 2FA requirement status, and make Discord check the user's 2FA status when a command which requires 2FA is used in a guild where mfa_level is 1.
How it should work:
mfa_required which should be optional in current version of API, but can be required in the next version.
mfa_required is true for it, and mfa_level is 1 for the guild.
mfa_level is 0.
Message component support
It would be good if message components can specify 2FA requirement as well, for the following reasons:
identify OAuth2 scope is not possible at all.
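The workaround mentioned in the Background section, as an added example that is not part of the original post or of any bot's code: a command gate that, besides the permission check, requires a recent identify-scope login showing mfa_enabled when the guild's mfa_level is 1. The identities store, MAX_IDENTITY_AGE, the helper names and the reason strings are assumptions made for illustration.

```python
import time

# Discord permission bits (documented values) that count as moderation here.
KICK_MEMBERS, BAN_MEMBERS, ADMINISTRATOR = 1 << 1, 1 << 2, 1 << 3
MODERATE_MEMBERS = 1 << 40
MOD_BITS = KICK_MEMBERS | BAN_MEMBERS | ADMINISTRATOR | MODERATE_MEMBERS

MAX_IDENTITY_AGE = 24 * 3600  # assumption: re-verify the OAuth2 login daily


def authorize_mod_command(interaction, guild_mfa_level, identities, now=None):
    """Return (allowed, reason) for a moderation command.

    interaction     -- interaction payload received by the bot
    guild_mfa_level -- mfa_level from the guild object (0 or 1)
    identities      -- hypothetical store: user id -> {"mfa_enabled", "fetched_at"},
                       filled from GET /users/@me after an identify-scope login
    """
    now = time.time() if now is None else now
    member = interaction["member"]
    perms = int(member["permissions"])  # the API sends the bitfield as a string
    if not perms & MOD_BITS:
        return False, "missing_permission"
    if guild_mfa_level != 1:
        return True, "guild_does_not_require_2fa"
    record = identities.get(member["user"]["id"])
    if record is None:
        return False, "login_required"   # fail closed: 2FA status unknown
    if now - record["fetched_at"] > MAX_IDENTITY_AGE:
        return False, "login_expired"    # user may have disabled 2FA since
    if not record["mfa_enabled"]:
        return False, "2fa_required"
    return True, "ok"


def make_interaction(user_id, permissions):
    # Constructed sample payload, reduced to the fields used above.
    return {"guild_id": "1",
            "member": {"user": {"id": user_id}, "permissions": str(permissions)}}
```

The login_required and login_expired branches are the extra hassle the post refers to: the bot has to send the moderator through an OAuth2 login before the command can run.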