Figured it out. Logging in isn’t required (as long as you have a cookie), I just need to provide the X-CSRF-TOKEN as well in order for it to work. So for any future people, you need to provide the X-CSRF-TOKEN in the header, which you can easily fetch by making a request first and then grabbing the x-csrf-token (this one is lowercase) from the request header. Once you fetch it, make the same request, but in your header, set the X-CSRF-TOKEN (this one is uppercase) to the previously fetched token and it should work. Hope this helped future people who visited this for a solution.
So a sample script would be:
async def ExileUserFromId(UserId: int, Retry = True, Token=XCSRFTOKEN): # Token is by default None, if saved externally, it will save you from all the pain of having to run the script twice.
RequestURL = "https://groups.roblox.com/v1/groups/3403707/users/" + str(UserId)
Response = requests.request(
"DELETE",
RequestURL,
cookies=Cookies, # The cookies (including the .ROBLOSECURITY cookie)
headers={
"Content-Type": "application/json",
"X-CSRF-TOKEN": Token
}
)
if Response.status_code == 403: # If the response is 403...
try:
JSON = json.loads(Response.text)
ResponseCode = JSON["errors"][0]["code"]
if ResponseCode == 0: # And Roblox response is 0...
if Retry == True: # If retry is enabled...
return await ExileUserFromId(UserId, False, Response.headers["x-csrf-token"]) # Re-do the request, but this time, with the `x-csrf-token` supplied as well.
except:
return Response
return Response, Token