"Fake" OAuth Provider?

Hello :wave: I’m wondering if something I’m trying to do would even be possible.

So, I’m wanting to associate Minecraft accounts with Discourse Accounts much like how you can add Discord, Google, etc. but, Minecraft doesn’t have an OAuth system currently (maybe once everyone is migrated to a Microsoft account but, that’d be a bit of waiting). So, the system I am proposing is having the user enter a randomly generated code that they’d get in-game. Would there be a way to then add this to their account like any other connected account? I’d probably structure it similar to how https://mc-oauth.net/ works but, instead of logging in, they’d use a command in chat.

If this would be possible, do you have any pointers on how I could accomplish this? I pretty much just would need a modal popup asking for the code → validate code → get UUID and store as external account identifier.

EDIT: Actually, it looks like with the transition to Microsoft accounts I might be able to modify the existing Microsoft account plugin to store Minecraft UUIDs. I’ll have to see.

You could maybe use custom user fields for this? How to create and configure Custom User Fields

A user field could be set to be required on signup, which would accept the randomly generated code. User fields can also be editable in someone’s preferences after signup, if existing accounts need to add the code.

2 Likes

Oooooh, I actually didn’t think about this. Thank you for the idea - the main reason why I was looking for an OAuth approach is I can retrieve the user by the external ID. I’m going to see if I could potentially retrieve a user by a user field.

EDIT: Ok, I actually might have a way of doing this using the custom fields. I’m probably going to just have to use an external database and make my own way of requesting a Discourse user from their Minecraft UUID. I just don’t know enough about the limitations of Discourse to know if there’d be a better way.

EDIT 2: Hmm, I don’t see a way to edit custom user fields via the API. I ideally wanted to have it only get set by the API, so it is guaranteed that they own the account. I might just need to make an external database and do account linking through something else.

1 Like

It kind of sounds like what you want to do is implement your own oauth provider?

Much like the diagram here:

It sounds like your custom mechanism would take the place of the “oAuth2 Directory”.

(It might be simpler using DiscourseConnect)

Of course, this all depends on how you’re already implementing authentication for the site…

On the other hand, doing that might be overcomplicating things — we do support staff-only custom fields that might be suitable here.

2 Likes

Yeah, I guess my only main question is if it were staff-only would there be a way to set those fields via some API route? I couldn’t find a way to do so automatically.

I don’t see an entry in docs.discourse.org for this one. All changes made by the web browser are done using the same API, so my advice would be to reverse engineer what’s needed.

1 Like

Oh, that’s really useful - thank you for sharing! So, I did some more thinking and research on how I could do this, what I’m thinking is using the state parameter with OAuth to have people sign in to their Discourse account and then use that state to associate the UUID in Minecraft. The state would just be some randomly generated value that would exist in a database with the Minecraft UUID. I think this approach should work. Thank you everyone for all the ideas and resources!

1 Like