Discord Oauth2 Plugin

official

(Jeff Wong) #1

By popular demand, I’ve created a plugin to allow users to log in via Discord.

You can find the plugin here: https://github.com/discourse/discourse-plugin-discord-auth

After installing the plugin,

  • Generate the application here, and copy the Client ID and Client Secret.
  • Add the your website to the REDIRECT URI(S) using
    https://example.com/auth/discord/callback
    (replacing the https with http and example.com with your full qualified domain/subdomain)
  • Update the plugin settings in the Admin > Settings area with the Client ID and Client Secret.

Special thanks to @cpradio for providing a great starting point for this via the LinkedIn Oauth2 plugin.


Allowing logins only from a certain guild

The site setting discord trusted guild auto-approves users on creation if they match a certain guild. To allow only discord users from a certain guild, use this with the must approve users setting enabled.

Type the guild ID in the discord trusted guild setting.

To find your guild ID, log into your desired discord guild, and view a channel. The URL format is https://discordapp.com/channels/{guild}/{channel}. For example, given a URL as https://discordapp.com/channels/123/456, your guild ID would be 123.

The result is all discord users would be able to create new accounts, but only members of the specified guild will be able to log in “pre-approved”. Anyone else will be pending approval as normal.

To support this functionality, the plugin pulls in the “view guilds” scope permission in addition to email and identity.


OAuth2 Basic Support
How do I register a public asset in a plugin?
Updating Font Awesome icons?
How to edit plugins code?
(Rafael dos Santos Silva) #2

I’m getting the following error on login:

(discord) Authentication failure! invalid_credentials: OAuth2::Error, : 
{"code": 0, "message": "401: Unauthorized"}

(Jeff Wong) #3

Ah, thanks for the heads up - it appears that we do need that identity scope.

I was testing without wiping the previous permission sets on discord, which seems to append scopes (and I ended up with identity + email) when switching omniauth-discord packages from 0.1.3 to 0.1.2. I’ll prod them to release their fixes for custom scoping sooner rather than later so we can request the correct email + identity scopes. Sorry about that!

Edit:
Well, that was awkward. Plugins are currently unable to resolve/install from git sources. I ended up cloning omniauth-discord into the plugin temporarily until we can reliably get an updated gem. It is messy, but I’m now able to login @Falco


(Rafael dos Santos Silva) #4

GitHub is having a bad day today: https://status.github.com/


(Jeff Wong) #5

I don’t think that outage was related honestly.

The workaround until the release is to include the following in gemfiles (suggested here):
gem 'omniauth-discord', git: 'https://github.com/adaoraul/omniauth-discord', branch: 'master'

However, due to the way that plugin gems are loaded, this kind of declaration can’t work inside plugin.rb, as far as I can understand. (That said, fairly inexperienced ruby dev, happy to be proven wrong.)


(Rafael dos Santos Silva) #6

Ahhhh now I got what you mean.

Last gem release was before the last change, so it ins’t on RubyGems.

I just sent an email to the maintainer let’s see if he can help us here with a new release.


(Kyle Boyce) #7

Can I change this to “Login” image


(Jeff Wong) #8

Hi Kyle,
Not currently. I’m looking to get the plugin more stable before allowing for custom text.


(Kyle Boyce) #9

Can you show me a gif of signup with Discord before I install?


(Makary Gołosz) #10

Um, yeah, you probably could overwrite this in CSS.


(Jeff Wong) #11

0.1.5 omniauth-discord was released today (thanks for the added push @Falco ) , I’ll be able to refactor this as a much cleaner plugin very soon.

Edit: Just released this with the new dependency, and confirmed that it is now pulling both email and user id correctly. Give it a shot and let me know what you think!


(Jeff Wong) #12

Try this for custom css:

.btn-social.discord::before {
  content: "Login ";
  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
  font-size: 1em;
  margin-right: 0px;
  background: none;
  display: inline;
  position: static;
}

What are you hoping to see in a gif that is not clear in the screenshots?


(Kyle Boyce) #13

For example, does it carry over avatar etc?


(Rhukee) #14

How does this behave with users who are already registered?


(Rafael dos Santos Silva) #15

Like all login plugins, if the e-mails match, they will login to their existing account.

Not yet.

@awole20 you can download the avatar using the info from the auth, what do you think?

The payload from oauth will give you user_id and avatar_hash, and then you can use it like this:

https://cdn.discordapp.com/avatars/<user_id>/<avatar_hash>.jpg?size=512

With this URL you can enqueue an avatar download like this:


(Jeff Wong) #16

Ah, I didn’t realize that there were methods for avatar capture through account creation, I’ll see if I can work on this tonight. Thanks!


(Makary Gołosz) #17

I’m wondering… Is there a way to limit ability to log in via Discord OAuth based on server (guild)?


(Jeff Wong) #19

I now pull avatars, for both new and existing accounts (if they don’t already have a custom avatar chosen).

(Thanks for the code tour btw, it’s very helpful :wink: )

Not as it stands right now, but that’s a nice idea, definitely.


(Rhukee) #20

This would be great.


(Makary Gołosz) #21

Would it be perhaps later possible to extend extend this to regular, geberuc OAuth? I mean replacing the avatars of course.

I’ll try to investigate this.