Hi! I'm interested in using caddy-discord for a project of mine. My specific use case is checking if the user is a member of a single guild, as I'm making a website for a specific friend group. Reading the source, it looks like the scopes used in the OAuth2 flow are hardcoded:
Line 120 in cb7efb6:

```go
Scopes: []string{"identify", "guilds.members.read"},
```
I would really like to avoid using `guilds.members.read` if possible, as it grants a lot more information than required for my use case (e.g. seeing role/profile information). While it doesn't matter for my own server, it does give my app access to peek into their other servers, and I'd rather not have that permission out of trust/principle. I'd prefer if the scopes could be changed to stricter variants (e.g. `identify` only if checking user IDs, `guilds` only if not checking roles), either via some preset or letting me directly specify the scopes I want to use.
Additional but unfeasible request: If possible, I'd also like to avoid `guilds` entirely, as the user ID can just be looked up in a server's member list (I don't need to know every server they're in if I can just check if they're in the list of one server I control). However, without hardcoding a list of users, getting a server's member list requires using a bot. The dream scenario is to specify a bot token/guild in the realm, and it looks up the member list and checks the user ID, but I understand if this is too niche/out of scope for this project.
Thanks!
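Added example, not part of the original issue and not caddy-discord code: a sketch of the bot-based check described in the last paragraph, where the user grants only `identify` and the server asks Discord's `GET /guilds/{guild.id}/members/{user.id}` endpoint with a bot token whether that ID is in one guild. `GuildChecker`, `IsMember` and `stubDiscord` are hypothetical names, the token and IDs are constructed, and the stub stands in for Discord's REST base (`https://discord.com/api/v10`) so the block runs offline.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

type GuildChecker struct{ BaseURL, BotToken, GuildID string } // hypothetical helper
// IsMember asks Discord, as the bot, whether userID is in the configured guild.
func (g GuildChecker) IsMember(ctx context.Context, userID string) (bool, error) {
	u := fmt.Sprintf("%s/guilds/%s/members/%s", g.BaseURL, url.PathEscape(g.GuildID), url.PathEscape(userID))
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u, nil)
	if err != nil {
		return false, err
	}
	req.Header.Set("Authorization", "Bot "+g.BotToken)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK: // body is the guild member object
		return true, nil
	case http.StatusNotFound: // user is not in this guild
		return false, nil
	}
	return false, fmt.Errorf("discord: unexpected status %d", resp.StatusCode) // 401/403/429/5xx: fail closed
}

// stubDiscord is a constructed offline stand-in for the Discord API.
func stubDiscord(token, guild, member string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bot "+token {
			w.WriteHeader(http.StatusUnauthorized)
		} else if r.URL.Path != "/guilds/"+guild+"/members/"+member {
			w.WriteHeader(http.StatusNotFound)
		}
	}))
}

func main() {
	srv := stubDiscord("constructed-token", "1000", "42")
	defer srv.Close()
	fmt.Println(GuildChecker{srv.URL, "constructed-token", "1000"}.IsMember(context.Background(), "42"))
}
```

The user ID passed to `IsMember` must come from the `identify`-scoped `/users/@me` response on the server side, never from a client-supplied parameter.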