(DEPRECATED) Discord Oauth2 Plugin

:tada: Discord support is now included in Discourse core, this plugin is no longer required

Original Plugin Description

By popular demand, I’ve created a plugin to allow users to log in via Discord.

You can find the plugin here: https://github.com/discourse/discourse-plugin-discord-auth

After installing the plugin,

  • Generate the application here, and copy the Client ID and Client Secret.
  • Add the your website to the REDIRECT URI(S) using
    (replacing the https with http and example.com with your full qualified domain/subdomain)
  • Update the plugin settings in the Admin > Settings area with the Client ID and Client Secret.

Special thanks to @cpradio for providing a great starting point for this via the LinkedIn Oauth2 plugin.

Allowing logins only from a certain guild

The site setting discord trusted guilds allows you to restrict login to members of specific Discord guilds. To use, simply type the guild ID into the Discourse site setting.

To find your guild ID, log into your desired discord guild, and view a channel. The URL format is https://discordapp.com/channels/{guild}/{channel}. For example, given a URL as https://discordapp.com/channels/123/456, your guild ID would be 123.

Users who are not part of an allowed guild will be shown this message upon login:

If you are relying on this guild restriction for security, make sure to disable all other Discourse login methods.

To support this functionality, the plugin pulls in the “view guilds” scope permission in addition to email and identity.


I’m getting the following error on login:

(discord) Authentication failure! invalid_credentials: OAuth2::Error, : 
{"code": 0, "message": "401: Unauthorized"}
1 Like

Ah, thanks for the heads up - it appears that we do need that identity scope.

I was testing without wiping the previous permission sets on discord, which seems to append scopes (and I ended up with identity + email) when switching omniauth-discord packages from 0.1.3 to 0.1.2. I’ll prod them to release their fixes for custom scoping sooner rather than later so we can request the correct email + identity scopes. Sorry about that!

Well, that was awkward. Plugins are currently unable to resolve/install from git sources. I ended up cloning omniauth-discord into the plugin temporarily until we can reliably get an updated gem. It is messy, but I’m now able to login @Falco

1 Like

GitHub is having a bad day today: https://status.github.com/


I don’t think that outage was related honestly.

The workaround until the release is to include the following in gemfiles (suggested here):
gem 'omniauth-discord', git: 'https://github.com/adaoraul/omniauth-discord', branch: 'master'

However, due to the way that plugin gems are loaded, this kind of declaration can’t work inside plugin.rb, as far as I can understand. (That said, fairly inexperienced ruby dev, happy to be proven wrong.)


Ahhhh now I got what you mean.

Last gem release was before the last change, so it ins’t on RubyGems.

I just sent an email to the maintainer let’s see if he can help us here with a new release.

1 Like

Can I change this to “Login” image

Hi Kyle,
Not currently. I’m looking to get the plugin more stable before allowing for custom text.

1 Like

Can you show me a gif of signup with Discord before I install?

Um, yeah, you probably could overwrite this in CSS.


0.1.5 omniauth-discord was released today (thanks for the added push @Falco ) , I’ll be able to refactor this as a much cleaner plugin very soon.

Edit: Just released this with the new dependency, and confirmed that it is now pulling both email and user id correctly. Give it a shot and let me know what you think!


Try this for custom css:

.btn-social.discord::before {
  content: "Login ";
  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
  font-size: 1em;
  margin-right: 0px;
  background: none;
  display: inline;
  position: static;

What are you hoping to see in a gif that is not clear in the screenshots?


For example, does it carry over avatar etc?

How does this behave with users who are already registered?

Like all login plugins, if the e-mails match, they will login to their existing account.

Not yet.

@awole20 you can download the avatar using the info from the auth, what do you think?

The payload from oauth will give you user_id and avatar_hash, and then you can use it like this:


With this URL you can enqueue an avatar download like this:


Ah, I didn’t realize that there were methods for avatar capture through account creation, I’ll see if I can work on this tonight. Thanks!


I’m wondering… Is there a way to limit ability to log in via Discord OAuth based on server (guild)?

I now pull avatars, for both new and existing accounts (if they don’t already have a custom avatar chosen).

(Thanks for the code tour btw, it’s very helpful :wink: )

Not as it stands right now, but that’s a nice idea, definitely.


This would be great.

Would it be perhaps later possible to extend extend this to regular, geberuc OAuth? I mean replacing the avatars of course.

I’ll try to investigate this.