Configuring Discord Login for Discourse

The latest version of Discourse supports authentication via Discord. Combining Discourse and Discord is a great way to combine the real-time features of chat with the ‘long term memory’ of a Discourse forum. You can read more about this on our blog.

Once enabled and configured, login with Discord will appear alongside the other login methods for your forum:

Configuration

To get started, head over to Discord developer portal and create a new application. Choose a name, icon and description of your choice. These will be shown to users during the login flow.

Copy the Client ID and Client Secret from this screen, and enter them into your Discourse settings under discord_client_id and discord_client_secret.

Next, visit the OAuth2 tab on the left. Under Redirects, enter your Discourse site URL (including https://), followed by /auth/discord/callback. Make sure you hit Save Changes before closing the window. Don’t worry about using the ‘OAuth2 URL Generator’ - Discourse will handle that automatically.

Finally, go back to your Discourse site and enable the enable_discord_logins site setting. You should now have a working Discord login button on your site :tada:

Restricting access by Guild

By default, any Discord user can log into your Discourse forum. To restrict access to specific guilds, you can use the discord_trusted_guilds site setting.

First of all, find out the numeric ID for your Discord guild. The easiest way is to login to your guild and open a random channel. Check the URL in your browser, and copy the first number you see in it. The URL format is https://discordapp.com/channels/{guild}/{channel}. For example, given a URL as https://discordapp.com/channels/123/456, your guild ID would be 123.

Once you have the guild ID, add it to the discord_trusted_guilds setting in your Discourse site settings. You can add as many guilds to this list as you like. Now, users in the trusted guilds will be logged straight into your site. Anyone else will be shown this message when they try and get in. You can modify the message from your admin panel by searching for discord.not_in_allowed_guild under CustomizeText.

If you are relying on this guild restriction for security, make sure to disable all other Discourse login methods.

What next?

Now that your users can login with Discord, how about setting up the chat-integration plugin as well? That will push important topics from Discourse straight into your Discord channels. For more information, check out the chat-integration setup information.

15 Likes

I can’t find any of these settings in my newly installed forum. Where should I look? They are not on the same page as all the other login versions, twitter, instagram etc.

If so you are not on the latest version of Discourse. Are you on the stable branch? See the version on your admin dashboard

I think I am? Is this where I’m supposed to look? image

Nope. It’s on the top page if you are self-hosted

Ah, I’m using discoursehosting, so maybe they lag behind? I guess I’ll need to look into self-hosting then. Thank you.

1 Like

Yeah, I was on stable, trying the beta now.

For those interested in what scopes are used and what the auth flow looks like:

  • Username and Avatar
  • Email
  • Know what servers you’re in (may only do this if whitelist is enabled, but probably would still do it in case of a future change).

It then prefills your new account info and your username (ignore Discord Name - that’s an old optional field I added for users to publicly display to others)

Thanks for the awesome feat!

A few notes:

  1. I’d recommend throwing the scopes in OP
  2. The scope includes avatar: It would be cool if the Discord avatar was automatically set (bonus points if you make it optional for admin to decide). If it already does this, it should override automatically-assigned avatars when one isn’t provided.
3 Likes

If I wanted to leverage this discord login method using an external API call, can I reference users discord details somehow? I’m attempting to build a bot that sync roles between discord and discourse but I’d like to not have to have it handle the logging in / connection part and utilize the already core plugin for discord auth in some way. (see the other plugins that do the auth themselves via SSO and other methods)

2 Likes

I’m getting the error invalid oauth redirect

I’ve followed the guide and unsure where I went wrong, can someone share what their discord side of this setup looks like? I entered client ID and secret & enabled in via my forum

I setup a redirect URI using

https://www.voskcointalk.com/auth/discord/callback

I then added the first 3 scopes to it and copied that into the redirect sections, and then selected it as the redirect URI in the drop-down below.

I also tried it w/o the scopes added hoping that “discord will handle that automatically”

Any help would be greatly appreciated, thank you.

Do you have force_https enabled on your site? Missing that can be a common source of redirect URI issues.

The Discord settings I used for testing are in the OP here ^^

Edit: just clicking onto your site, it looks like you have the site at https://voskcointalk.com/auth/discord/callback (no www.). Does it work if you update the callback url to remove the www.?

4 Likes

Wow what a simple issue/oversight, thanks so much for noticing that. Simply removing the www & it worked

Thanks for a blazing quick response too lol :smiley:

1 Like

Sorry to bump this but I keep getting the error Sorry, there was an error authorizing your account. Please try again. when I login

Hi there,

If I disable register new user, will discord app still authorize people to login without account being created? I don’t know if you know what I mean. Here is the scenario:

  1. Disabled registration
  2. Enable Discord authentication