FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Accessing Discord API after authenticating with Discord OIDC

    Scheduled Pinned Locked Moved Unsolved
    Q&A
    2
    3
    20.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      joelhoward0
      last edited by

      Hey all -

      I'm fairly new to OIDC, although I'm an experienced fullstack dev so I'm pretty technical. I'm just having trouble getting a handhold on the question below:

      After I've authenticated my React application via a FusionAuth OIDC Discord IdP, how do I actually retrieve the token to access Discord API on behalf of the logged-in user (for example, to list their servers using this endpoint).

      I'm having a hard time Googling etc for this info since I'm not sure I understand the right keywords to use, and searching for "api" "token" etc just returns info about the OIDC integration generally.

      Does my goal here make sense and if so where should I look to start understanding it? Thank you!

      danD 1 Reply Last reply Reply Quote 0
      • danD
        dan @joelhoward0
        last edited by

        @joelhoward0 Hiya, welcome to FusionAuth!

        I posted a bit about this here, but the long an short of it is that there are a few things you need to do to get access to a token allowing you to make calls against discord.

        First, some steps when you are configuring the OIDC Identity Provider:

        • Make sure you request the refresh token in your initial request. From their docs, they imply you always get it, so maybe there's no additional config here.
        • Ask for any other scopes you need: guilds, bot etc. Those are listed at the docs I mentioned above.

        Next, when you successfully authenticate with Discord, to get an access token, you need to do the following each time you want to make a call to Discord:

        • In backend code, with an API key which has proper permissions, request the identity link for the user and the discord identity provider.
        • Look in the token field. This contains that refresh token.
        • Take the refresh token and present it to discord in a refresh grant
        • Your code will get back an access token valid for a certain length of time.
        • Present that access token to the discord APIs using Bearer authentication.

        Hope that helps!

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        J 1 Reply Last reply Reply Quote 1
        • J
          joelhoward0 @dan
          last edited by

          Hey @dan - thank you for your thorough reply! And sorry for the delay,

          I think I've got the refresh token and the correct scopes. What I don't have currently is a backend - I only have a client-side application and my self hosted FusionAuth, currently. It seems like if I need to access the FusionAuth backend in order to pull the user's Discord token from the link, there will be no way to do this securely without a separate backend. Does that sound right?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post