I have a Django REST Framework-based web application that I want to connect to my bot through OAuth2. My bot primarily uses Facebook Messenger as its channel. So now I’m trying to figure out the best way to connect my Messenger bot to my REST backend such that users can access their private accounts.
The key issue is that Messenger’s Account Linking is not a fully OAuth2 compatible flow, essentially stopping at step 3 of the OAuth2 Authorization Code protocol. Thus, it doesn’t send Access Tokens with the messages because Messenger isn’t even requesting an Access Token.
Therefore, all the standard OAuth2-based permission management frameworks / tools cannot be used. So I was wondering if anyone already found a good solution for this.
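
An added example, not part of the original post: a sketch of the server-side state a backend has to keep because Messenger hands back only the authorization code (in the `account_linking` webhook event) and never puts a token on later messages. The in-memory stores, the 5-minute code lifetime, the function names and the app secret are assumptions; the sample events in the test are constructed.

```python
import hashlib, hmac, json, secrets, time

APP_SECRET = b"constructed-app-secret"   # placeholder, not a real secret
CODE_TTL = 300                            # seconds; assumed code lifetime
_codes = {}    # authorization_code -> (user_id, expires_at)
_links = {}    # PSID (page-scoped sender id) -> user_id

def issue_code(user_id, now=None):
    """Called after the user logs in on the backend's own login page."""
    code = secrets.token_urlsafe(32)
    _codes[code] = (user_id, (now or time.time()) + CODE_TTL)
    return code

def sign(body):
    """Value of the X-Hub-Signature-256 header for a raw webhook body."""
    return "sha256=" + hmac.new(APP_SECRET, body, hashlib.sha256).hexdigest()

def handle_webhook(raw_body, header, now=None):
    """Return the user id each messaging event resolves to (None = not linked)."""
    # The PSID is only trustworthy if the webhook call itself is authentic.
    if not hmac.compare_digest(sign(raw_body), header or ""):
        raise PermissionError("bad webhook signature")
    results = []
    for entry in json.loads(raw_body)["entry"]:
        for event in entry["messaging"]:
            psid = event["sender"]["id"]
            link = event.get("account_linking") or {}
            if link.get("status") == "linked":
                # Single use: pop the code so a replay cannot link a second PSID.
                user_id, expires = _codes.pop(
                    link.get("authorization_code"), (None, 0))
                if user_id is not None and (now or time.time()) <= expires:
                    _links[psid] = user_id
            elif link.get("status") == "unlinked":
                _links.pop(psid, None)
            # Ordinary messages carry no token: identity is the PSID mapping.
            results.append(_links.get(psid))
    return results
```

Per-request permission checks then run against the user id returned for the PSID, in place of a bearer token.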