User consent for OAuth2 Guilds.join actions

[panley01]

Currently, users are not made aware if an application they have given OAuth2 consent to has joined them to a guild. They simply join the guild silently and the guild is added to their list. Additionally, they immediately count as a member of the guild.

This has led to malicious OAuth2 applications using the guilds.join scope to join users to guilds without their consent or request. It has been stated by Discord previously that the guilds.join scope should only be used alongside consent or request from a user (For example, a user asking to join a server via a 3rd party server listing site being added via guilds.join).

To combat this issue, Discord should seek consent from a user when they are joined into a guild via an OAuth2 application. My suggestion is that:

• A user is not counted towards guild member totals until they consent, via an in-app modal, to join the guild.
• A user retains this state until they engage with the guild or the banner making them aware of their status in the guild (engaging in this context being sending a message, reacting etc. all of which will require a user to pass gating if present).
• A user is presented with options to refuse to join, or report the application for joining them to the server without their consent.

The option to report an OAuth2 application will allow Discord to recognize and reactively investigate applications that are potentially misusing the guilds.join scope, and could allow them to prevent the application from using the scope to join users to a guild, or revoke all of their active OAuth2 tokens with the scope active. Users that are joined via OAuth2 not counting towards the member count of a guild until they confirm consent in-app will also prevent inactive accounts joined in this method from counting towards a server's member count and significantly harm the market for paid 'authnets' (Botnets with many inactive accounts authed with the guilds.join scope rented out or sold to other users wishing to inflate their server's member count). This will actively combat the creaton of misleading servers that use member count to obtain some legitimacy. Presenting a user joined to a guild via OAuth2 with a clear, easily readable way to state they do not wish to join & allowing them to easily de-authorize the relevant application will also help prevent this abuse. Many users do not understand how Authorized Apps work, allowing them to de-authorize easily in an in-app modal will mitigate this issue.

For the mobile clients, this same flow can be surfaced and notifications may be pushed to the notification centre/for you tab under notifications, to better make users aware of the action taken on their behalf.

Mockup screenshots attached.

[IllagerCaptain]

I like this idea. But imo the "I did not ask to join this server" shouldn't be the same size as the others, as it may result in misclicks.

[UnknownSkid]

true, maybe make it like a link thing, and it should be more at the bottom and red, something like that

[RogueRemnant]

I would like to see something like this implemented. I've seen some confusion in a few communities where people are automatically added by a bot that has this permission. I would love to have some way to view what a bot has done on my behalf - even if it was as simple as receiving some sort of DM or personal audit log to see what applications have done what actions. Over the years you sometimes just forget you've given a bot permission to add you to servers.

[TheDylanator0]

love this idea!

[gdude2002]

This is a fantastic proposal, and it'd effectively end wide abuse of this feature, IMO.

[Batimius]

Someone brought this discussion to my attention today. I honestly would be all for this. I do not understand the purpose of the Join Guilds for You permission in the first place (I cannot really see any practicality, maybe a Prompt to Join Server permission would be more ideal), and with the rise of scams on the platform, I truly believe this could fix it. I have some friends who use Discord who are not that experienced with such platforms and therefore would be likely to fall for a "Join Servers for You" scam, so something like this helps both them since it makes it obvious that they didn't join it themselves, and at the same time easier for me since I can see why they joined.

[saltcute]

This permission shouldn't be existing in the first place! *Sigh* discord....

[Lachee]

In the past i have made a server that you were unable to leave from as a proof of concept.

Using the guilds.join scope to be initially invited into the server, if the user ever decided to leave the bot would simply use the oAuth2 to invite them back. While you could revoke the application or just get banned from the server, it is certainly abusive and used more often than not for sneakily trying to add users to a guild. FiveM use to do this all the bloody time.

[Totallynotmwa]

Why isnt this a feature already

[tizu69]

I'd say it should also restrict the app from adding the user to another guild until they approve that they wanted to get added.

[twocows]

Big brain suggestion

[DrifysOne]

this is a good idea

[Ransomwave]

The fact that this isn't already implemented into the client is very much embarrassing considering it is standard practice in the industry to make sure OAuth2 applications don't ever interfere with the user experience.