When a user signs in with discord, they are taken to the authorization page every time, meaning they have to agree the authorization anytime they login. From my understanding, this should just be a one step process upon the very first time they connect discord login with discourse.
Do you see the same behaviour on other sites which offer “login with Discord”? If so, it might be the expected behaviour of the Discord login system, rather than a Discourse-specific issue.
This is not the intended behavior. Other sites and forums I use login with discord only requires a one time authentication. After that, any time you login with discord you’re automatically logged in without going to the auth page.
I wonder if it’s because of the missing prompt param to none in the auth URL?
prompt controls how the authorization flow handles existing authorizations. If a user has previously authorized your application with the requested scopes and prompt is set to consent , it will request them to reapprove their authorization. If set to none , it will skip the authorization screen and redirect them back to your redirect URI without requesting their authorization
Perhaps this could be updated within Discourse? As far as I know, this is not something I can do in my administrative panel, or the discord dev portal.
within the file and rebuilding, seeing if that fixes it.
Edit: On second thought, I don’t think I can locate the file that would allow me to implement this. I think a fix from Discourse is what is necessary in order to get this functioning as intended.
Cool. Do I need to do anything else (but wait for an update?)
I’m assuming there is no real ETA for a fix like this, and it likely depends on an urgency status flow. It’s just a minor inconvenience, I suppose. But it would be awesome to see fixed!
It still takes you to the discord auth page, however, the user no longer has to click authorize. The page will reload then take you back to your discourse page.
One step forward, another step backward.
Edit: I see @Arkshine and I tested the change and got the same result.
Even with the change, it still proceeds you to the discord authentication page - which it shouldn’t do (although this time you don’t need to manually press authenticate).
Submitting a PR with the suggested change unfortunately would not fix the issue.