Configure OpenID Connect with Discord

Once you have completed this configuration you may enable an OpenID Connect Login with Discord button for one or more FusionAuth Applications. See Discord - OAuth2 for an additional reference.

Login with Discord

Here’s a diagram of the login flow between:

  • the user
  • your application
  • FusionAuth and
  • a remote identity provider

The diagram's participants are the User/Browser, the App, FusionAuth and the Provider. Its steps, in order:

  • View Initial Page
  • Click Login
  • Displays Login Page Including Link To 'Login With Provider'
  • Clicks On 'Login With Provider'
  • Redirect To Provider Authorization URL
  • Enters Credentials
  • Validate Credentials
  • Redirect to App With Authorization Code
  • Requests Page, Has Authorization Code
  • Calls Complete Login With Code And Redirect URI
  • Exchanges Code And Redirect URI For Provider Token
  • Returns Provider Token
  • Stores Provider Token, Calls Lambda, Creates User And Registrations (If Needed), Generates FusionAuth Tokens
  • Return FusionAuth Tokens
  • Create Session Or Otherwise Log User In
  • User Is Logged In And App Can Proceed Delivering Data And Functionality

Although this looks complex, the user only sees a few screens, such as the FusionAuth login screen, the provider login screen, and your application.

Register a Discord OAuth2 Application

First, log in to Discord. Then, navigate to https://discord.com/developers/applications/ and create a new application.

Discord Client ID and Secret

Finally, configure OAuth2 for your Discord app by opening Selected App -> Settings -> OAuth2 in the navigation pane on the left side of the screen.

Register a new Discord OAuth Application

To configure the callback URL for your application, add /oauth2/callback to the URL for your instance of FusionAuth. In the screenshot, FusionAuth is running at https://login.piedpiper.com so the redirect URL is https://login.piedpiper.com/oauth2/callback.

Note the CLIENT ID and the CLIENT SECRET after the application is created. You’ll use these to configure the Client Id and Client secret values for your FusionAuth OpenID Connect Identity Provider.

Configure a New FusionAuth OpenID Connect Identity Provider

To create a Discord Identity Provider, open FusionAuth, navigate to Settings -> Identity Providers, and click Add OpenID Connect.

On the Add OpenID Connect screen fill out the required fields:

  • Client Id and Client secret use the CLIENT ID and CLIENT SECRET values that you noted earlier.
  • Redirect URL is generated for you and is based on the URL of your FusionAuth instance. The value must match the redirect URL that you configured previously for your Discord application.

Next, disable the Discover endpoints field as Discord doesn’t implement a well-known configuration endpoint. Instead, add the endpoints manually. The values for the fields are:

  • Authorization endpoint - https://discord.com/api/oauth2/authorize
  • Token endpoint - https://discord.com/api/oauth2/token
  • Userinfo endpoint - https://discord.com/api/users/@me

In the Scope field for your application, specify the scopes identify and email. Also, set Client authentication method to Request body (client_secret_post), as Discord expects the client_secret in the body of the token request.

Discord doesn’t use the standard email identity claims. Open the Options tab and update the Unique Id Claim field to id and the Email verified claim field to verified.

FusionAuth Discord Change Claim

The Applications tab at the bottom of the screenshot below shows that the identity provider is enabled for the Pied Piper application. In addition, Create registration is enabled.

The Discord implementation of OpenID Connect doesn’t currently follow the full specification. You can optionally populate additional data for the user profile, such as the Discord username and avatar URL, by enabling a Reconcile lambda. See the lambda documentation for more information.
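
A Reconcile lambda for the username and avatar URL mentioned above could look like the following. This is an added example, not code from FusionAuth or Discord. It assumes that the third lambda argument holds the Userinfo response, that Discord returns id, username and avatar fields, that avatars are served from cdn.discordapp.com, and that user.imageUrl and user.data are the FusionAuth fields to fill.

```javascript
// Added example, not FusionAuth's or Discord's own code.
// Assumption: the third argument holds the JSON returned by the Userinfo
// endpoint configured above (https://discord.com/api/users/@me).
function reconcile(user, registration, jwt) {
  // Assumed shapes of Discord's fields: decimal id, 32-hex avatar hash
  // (an "a_" prefix marks an animated avatar), username of at most 32 chars.
  var ID = /^[0-9]{1,20}$/;
  var AVATAR = /^(a_)?[0-9a-f]{32}$/;

  user.data = user.data || {};
  var discord = {};

  if (typeof jwt.id === 'string' && ID.test(jwt.id)) {
    discord.id = jwt.id;
  }

  // Keep the Discord name under user.data rather than user.username, so a
  // name chosen on Discord cannot collide with a FusionAuth login name.
  if (typeof jwt.username === 'string' &&
      jwt.username.length > 0 && jwt.username.length <= 32) {
    discord.username = jwt.username;
  }

  // Build the avatar URL only from values that match the expected shapes,
  // so a malformed claim cannot point imageUrl at another host or path.
  if (discord.id && typeof jwt.avatar === 'string' && AVATAR.test(jwt.avatar)) {
    user.imageUrl = 'https://cdn.discordapp.com/avatars/' +
      discord.id + '/' + jwt.avatar + '.png';
  }

  // The email and its verified flag are left to the claim mapping set on
  // the Options tab; this lambda never touches user.email.
  user.data.discord = discord;
}
```
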

That’s it. Now the Login with Discord button will show up on the login page of our Pied Piper application.

The following image shows the upper portion of the Discord Identity Provider configuration:

FusionAuth Discord IdP Configuration

And here is an image with the lower portion of the Discord Identity Provider configuration:

FusionAuth Discord IdP Configuration