fpm-auth: Discord OAuth Integration

[AbrarNitk]

Status: Pending

Follow: #585

Author: Wasif

Code PR: #670
Doc PR: Pending

Discord Integartion

We are integrating with Discord in fpm, the user will be able to log in with Discord OAuth on fpm sites. Using Discord resources we are going to provide some user identities to use based on discord resources. For example, any logged-in user will be able to access the fpm pages if it is a part of the discord channel, discord server, etc...

In the below example, I have created a user-group with a single identity discord-family and used it on route /family/. If a user is a part of the discord channel discord-family then only it will able to access the /family/ route.

-- fpm.user-group: discord-family
discord-channel: discord-family

-- fpm.sitemap:

# Home: /

## Family Discussion: /family/
readers: discord-family

Create an OAuth Application

We have to create an OAuth Application on Discord to retrieve the client ID and client secret.

Discord Create Application: https://discord.com/developers/applications

OAuth2 URLs

Base authorization URL: https://discord.com/oauth2/authorize
Token URL: https://discord.com/api/oauth2/token
Token Revocation URL: https://discord.com/api/oauth2/token/revoke

Discord OAuth2 Scopes

List of scopes the discord supports

• guilds: allows /users/@me/guilds to return basic information about all of a user's guilds
• guilds.members.read: allows /users/@me/guilds/{guild.id}/member to return a user's member information in a guild
• identify: allows /users/@me without email

For More...

State and Security

When a user begins the authorization flow on the client, a state is generated that is unique to that user's request. This value
is stored somewhere only accessible to the client and the user, i.e. protected by the same-origin policy When the user is redirected the state parameter is returned. The client validates the request by checking that the state matches the stored value.

For More...

Authorization Code Grant

After clicking on the login button user will be redirected to the Authorization URL

Authorization URL

https://discord.com/oauth2/authorize?
response_type=code&
client_id=157730590492196864&
scope=identify%20guilds.join&
state=15773059ghq9183habn&
redirect_uri=https%3A%2F%2Fabrark.com/auth/discord/callback&
prompt=consent

Redirect URL

https://abrark.com/auth/discord/callback?
code=NhhvTDYsFcdgNLnnLijcl7Ku7bEEeee&
state=15773059ghq9183habn

Access Token Exchange

After redirecting back to abrark.com with code and state, abrark's service will exchange the token by passing the
code from discord API https://discord.com/api/v10.

import requests

API_ENDPOINT = 'https://discord.com/api/v10'
CLIENT_ID = '332269999912132097'
CLIENT_SECRET = '937it3ow87i4ery69876wqire'
REDIRECT_URI = 'https://nicememe.website'

def exchange_code(code):
  data = {
    'client_id': CLIENT_ID,
    'client_secret': CLIENT_SECRET,
    'grant_type': 'authorization_code',
    'code': code,
    'redirect_uri': REDIRECT_URI
  }
  headers = {
    'Content-Type': 'application/x-www-form-urlencoded'
  }
  r = requests.post('%s/oauth2/token' % API_ENDPOINT, data=data, headers=headers)
  r.raise_for_status()
  return r.json()

Access Token Response

{
  "access_token": "6qrZcUqja7812RVdnEKjpzOL4CvHBFG",
  "token_type": "Bearer",
  "expires_in": 604800,
  "refresh_token": "D43f5y0ahjqew82jZ4NViEr2YafMKhue",
  "scope": "identify"
}

---

Discord Resources and FPM Identities

Discord Channel Member discord-channel: <channel-id>

This identity will verify if the logged-in user is a member of the given channel.

API Details

Discord Server Member discord-server: <server-id>

This identity will verify if the logged-in user is a member of the given server.

API Details

Discord Thread Member discord-thread: <channel-id>

This identity will verify if the logged-in user is a member of the given thread.

API Details

Discord HasPermission discord-permission: <todo>

• Is Administrator
• Manage Channels
• Manage Guild/Server
• View Channel
• Send Messages
• etc...

API Details

Discord Scheduled Event discord-event: <event-id>

This identity will verify if the logged-in user is a member of the given scheduled event.

API Details

[wasif1024]

I have created first pull request. It contains functionality for discord authorisation and saving access_token and discord user name in our cookies. Also discord logout feature.
#670

[wasif1024]

I have pushed code in same PR having discord-server feature.
-- fpm.user-group: discord-server
discord-server: FifthTry.com

[wasif1024]

Another code pushed for discord-thread feature.
https://discord.com/api/channels/{thread-id}/thread-members
Header
Authorization: Bot {bot-token}
-- fpm.user-group: discord-thread
discord-thread: 1050487724727091291

[wasif1024]

For discord-event functionality i will use below given apis and input params from ftd
https://discord.com/api/guilds/{guild-id}/scheduled-events/{event-id}/users
Header
Authorization: Bot {bot-token}
discord-event: 1050685780747620362

[wasif1024]

For discord servers use below api
API Docs: https://discord.com/api/users/@me/guilds
-- fpm.user-group: discord-server
discord-server: FifthTry.com

[wasif1024]

For discord i have implemented following functionalities.
1: User Authentication
2: Discord Bot creation.
3: Creating my own discord server and adding discord bot into it.
4: I have saved discord bot id,guild(server) id,app id,app public id,client id and client secret in .env file of fpm.
5: Following apis i have implemented for discord given below

Discord Server Member
discord-server:{server-name}
discord-server: FifthTry.com
Header Params
Authoriation: Bearer {access_token}
https://discord.com/api/users/@me/guilds

Discord Thread Member
discord-thread: {channel-id}
discord-event: 1050685780747620362
Header Params
Authoriation: Bot {bot token}
https://discord.com/api/channels/%7Bthread-id%7D/thread-members

Discord HasPermission
discord-permission:{permission-id}
discord-permission: 1050685780747620362
Header Params
Authoriation: Bot {bot token}
API Docs: https://discord.com/api/guilds/{guild-id}/members/{user-id}

Discord Scheduled Event
discord-event: {event-id}
discord-event: 1050685780747620362
Header Params
Authoriation: Bot {bot token}
https://discord.com/api/guilds/%7Bguild-id%7D/scheduled-events/%7Bevent-id%7D/users