After you change the response_type, try visiting the link and authorizing your application. Unlike the implicit grant flow, you need an OAuth2 URL where the response_type is code. Notice that this way, the access token never actually reaches the user throughout the process. This flow involves receiving an access code, which your server then exchanges for an access token. This flow is great and simple, but you don't get to refresh the token without the user, and it is less secure than going through the authorization code grant flow. What you did in the quick example was go through the implicit grant flow, which passed the access token straight to the user's browser. Even though URLSearchParams open in new window is for working with query strings, it can work here because the structure of the fragment follows that of a query string after removing the leading "#".ĭon't forgo security for a tiny bit of convenience! # Authorization code grant flow
Modify index.html to add your OAuth2 URL and to take advantage of the access token if it exists. You now have an access token and can make requests to Discord's API to get information on the user. Once you click through, it will redirect you to your redirect URL with a fragment identifier open in new window appended to it. You can see that by clicking Authorize, you allow the application to access your username and avatar. Visiting it in your browser, you will be directed to a page that looks like this: However, this means you will not get a refresh token, which means the user will have to explicitly re-authorize when this access token has expired.Īfter you change the response_type, you can test the URL right away. You can do so by changing the response_type in the URL to token. For basic applications like SPAs open in new window, getting an access token directly is enough. Now you need to use those two things to get an access token. You have your website, and you have a URL. You can find a list of all scopes here open in new window. The identify scope will allow your application to get basic user information from Discord. Use this to create a URL for yourself with the identify scope.
Lower down on the page, you can conveniently find an OAuth2 URL Generator provided by Discord. Once you've added your redirect URL, you will want to generate an OAuth2 URL. Copy these values into your config.json file you'll need them later. Take note of the client id and client secret fields. Open your Discord applications open in new window, create or select an application, and head over to the "OAuth2" page. Now that you have a web server up and running, it's time to get some information from Discord. Although we're using express, there are many other alternatives to handle a web server, such as: fastify open in new window, koa open in new window, and the native Node.js http module open in new window.
0 kommentar(er)
