I was noodling around with my Discord bot and was trying to add a feature that would allow server members to register their OGS account with the bot and use it to start games/reviews with other server members from within Discord (among other things). After looking at both the out-of-date Apiary API (https://ogs.docs.apiary.io/#reference) and the forums (mostly @flovo wonderful posts), it seems like the only OAuth2 flow implemented by OGS is the “Resource Owner Credentials” flow. If that is the case, that means server members would have to actually give my bot their OGS username and password. Even though my bot wouldn’t be saving their credentials, it is still less than optimal for people to have to DM my bot their OGS credentials.
My question: has there been any discussion of implementing a different OAuth2 flow or of implementing the “Application Specific Password” that is talked about in the Apiary API? Or have I completely misunderstood and there is another way to go about authenticating? Thanks for any responses and discussions!