Authorization from a desktop application (and base domain site)

Discourse can’t be an OAuth2 provider, no (although I’d love to see a plugin that implements that one day - it’s definitely achievable).

Right now you can use Discourse’s own SSO protocol to implement this. In fact, we do this routinely for our internal tools at discourse.org:

The other option you have, which might be a better fit for the ‘desktop application’ scenario, is to use the “User API Key” flow. That’s how we authenticate users on our Android/iOS apps:

9 Likes