OpenID Connect with Discord

Configure OpenID Connect with Discord

Once you have completed this configuration you may enable an OpenID Connect “Login with Discord” button for one or more FusionAuth Applications. See Discord - OAuth2 for an additional reference.

Login with Discord

Here's a diagram of the login flow between:

  • the user
  • your application
  • FusionAuth and
  • a remote identity provider such as Discord
Sequence diagram with four participants (User/Browser, App, FusionAuth, Identity Provider). Messages, in order:

  • View Initial Page
  • Click Login
  • Redirect To FusionAuth Authorization URL
  • Request Login Page
  • Return Login Page
  • Clicks On 'Login With Identity Provider'
  • Redirect To Identity Provider Authorization URL
  • Enter Credentials
  • Validate Credentials
  • Redirect To FusionAuth With Identity Provider Authorization Code
  • Requests Page, Has Identity Provider Authorization Code
  • Exchange Authorization Code For Identity Provider Token
  • Returns Identity Provider Token
  • Stores Identity Provider Token, Calls Lambda, Creates User And Registrations (If Needed), Generates FusionAuth Tokens
  • Redirect To Redirect URI With FusionAuth Authorization Code
  • Request Redirect URI, Has FusionAuth Authorization Code
  • Request FusionAuth Tokens
  • Return FusionAuth Tokens
  • Create Session Or Otherwise Log User In

Note: User Is Logged In And App Can Proceed Delivering Data And Functionality

Logging In Using Discord

Although this looks complex, the user only sees a few screens, such as the FusionAuth login screen, the Discord login screen, and your application.

Register a Discord OAuth2 Application

You will first need to log in to Discord.

Once logged in, navigate to https://discord.com/developers/applications/ and create a new application.

Discord Client ID and Secret

Once the application has been created, note the CLIENT ID and the CLIENT SECRET. These will be used respectively as the Client Id value and the Client secret value in your FusionAuth OpenID Connect Identity Provider configuration.

Now navigate to Selected App -> Settings -> OAuth2 in the navigation pane on the left side of the screen to configure OAuth2 for your Discord app.

Register a new Discord OAuth Application

Here we have configured a REDIRECT for our application. If FusionAuth is running at https://login.piedpiper.com, this value should be https://login.piedpiper.com/oauth2/callback.

Configure a New FusionAuth OpenID Connect Identity Provider

To create a Discord Identity Provider return to FusionAuth and navigate to Settings -> Identity Providers and click Add OpenID Connect.

This will take you to the Add OpenID Connect screen, and you’ll fill out the required fields. Client Id and Client secret values reference the previously noted Discord Application’s CLIENT ID and CLIENT SECRET. The Redirect URL is read only and generated for you based upon the URL of FusionAuth. This value should match the one you configured in your Discord application.

Discord has not implemented a well-known configuration endpoint, so you will need to disable the Discover endpoints field and specify the endpoints manually. The values for these fields are:

  • Authorization endpoint - https://discord.com/api/oauth2/authorize
  • Token endpoint - https://discord.com/api/oauth2/token
  • Userinfo endpoint - https://discord.com/api/users/@me

You will need to specify the scopes identify and email in the Scope field for your application.

You will need to set Client authentication method to Request body (client_secret_post), as Discord expects the client_secret in the request body of the authentication request.

Additionally, you will need to update the Unique Id Claim field to id (from the standard claim of sub) under the Options tab.

FusionAuth Discord Change Claim

In the following screenshot you will see that we have enabled this login provider for the Pied Piper application and enabled Create registration.

Discord does not implement OpenID Connect to spec. To pull in additional data for populating the user profile (Discord username, Avatar URL, etc.), you can enable a Reconcile lambda. Review the lambda documentation to learn how to create and assign your own lambda. This is optional.
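As an added example (not FusionAuth's own lambda), the following Reconcile lambda copies the Discord username and avatar URL into the user profile and validates the claims before using them. It assumes the `jwt` argument carries the JSON returned by the Userinfo endpoint configured above and that avatars are served from `https://cdn.discordapp.com/avatars/`; the `user.data.discord` layout and `sampleUserinfo` are constructed for illustration.

```javascript
// Added example: Reconcile lambda for the Discord OpenID Connect provider.
// Assumption: `jwt` is the Discord user object from /api/users/@me.
function reconcile(user, registration, jwt) {
  // Discord ids are numeric snowflakes; avatar hashes are hex strings with
  // an "a_" prefix when the avatar is animated. Validate both before they
  // are concatenated into a URL, so unexpected claim values (path
  // segments, other hosts) never reach the stored profile.
  var idOk = typeof jwt.id === 'string' && /^[0-9]{1,20}$/.test(jwt.id);
  var avatarOk = typeof jwt.avatar === 'string' &&
                 /^(a_)?[0-9a-f]{1,64}$/.test(jwt.avatar);

  if (typeof jwt.username === 'string' && jwt.username.length > 0) {
    user.username = jwt.username;
  }

  // Users on the default avatar have avatar === null: leave imageUrl as is.
  if (idOk && avatarOk) {
    var ext = jwt.avatar.indexOf('a_') === 0 ? 'gif' : 'png';
    user.imageUrl = 'https://cdn.discordapp.com/avatars/' +
                    jwt.id + '/' + jwt.avatar + '.' + ext;
  }

  // Record whether Discord reports the email as verified, so the
  // application can decide how far to trust it (hypothetical data layout).
  user.data = user.data || {};
  user.data.discord = {
    id: idOk ? jwt.id : null,
    emailVerified: jwt.verified === true
  };
}

// Constructed sample Userinfo response, for a local check only.
// Omit everything below when pasting the lambda into FusionAuth.
var sampleUserinfo = {
  id: '80351110224678912',
  username: 'gilfoyle',
  avatar: 'a_8342729096ea3675442027381ff50dfe',
  email: 'gilfoyle@example.com',
  verified: true
};
var sampleUser = {};
reconcile(sampleUser, {}, sampleUserinfo);
```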

That’s it. The Login with Discord button will now show up on the login page of our Pied Piper application.

Here is the upper portion of the Discord Identity Provider configuration:

FusionAuth Discord IdP Configuration

Here is the lower portion of the Discord Identity Provider configuration:

FusionAuth Discord IdP Configuration