invalid-response when doing remote-auth with hcaptcha
Im working on a small C# discord client library to automate some things and was wondering if it is at all possible to get a user token via the regular discord remote auth (QR code) flow.
Im not interested in solving the captcha automatically.
Currently, i get a ticket via wss://remote-auth-gateway.discord.gg/?v=2, then exchange the ticket for a user token via https://discord.com/api/v9/users/@me/remote-auth/login. If that fails, because Discord requires a captcha challenge and captcha-required is set on the response, i spin up a Webview2 to show the captcha and get the captcha key.
I navigate the webview to discord.com/login and intercept load requests to serve just the captcha. When i get the captcha key and try to exchange for a user token again, it always fails with invalid-request. I made sure that the auth http requests have the same headers set as the official client, including X-Fingerprint, X-Captcha-Key, etc.
<script>
function onLoad() {
hcaptcha.render('captcha-container', {
sitekey: '{{{_req.SiteKey}}}',
rqdata: '{{{_req.Rqdata}}}',
theme: 'dark',
callback: function(token) {
window.chrome.webview.postMessage(JSON.stringify({
type: 'captcha_key',
captcha_key: token
}));
}
});
}
</script>
<script src="https://js.hcaptcha.com/1/api.js?onload=onLoad&render=explicit" async defer></script>