Discord Connection Prompts for Consent Every Login

Knowledge Solutions
, ,
1

Overview

When using the Discord social connection, the user is prompted for their consent on permissions the application is requesting every time they authenticate with Discord.

Cause

The upstream_params object is missing from the Discord connection’s options, which applies a “prompt=none” parameter to the authorize call Auth0 makes.

Solution

The upstream_params object can be added to the Discord connection’s options to apply a “prompt=none” parameter to the authorize call Auth0 makes.

While the consent prompt may still be shown, it no longer requires user input and will automatically redirect back to the application after a short wait.

"options": {
		"scope": "identify email",
		"scripts": {
			"fetchUserProfile": "function fetchUserProfile(accessToken, context, callback) {\n  request.get({\n    url: 'https://discordapp.com/api/users/@me',\n    headers: {\n      'Authorization': 'Bearer ' + accessToken\n    }\n  },\n  (err, resp, body) => {\n    if (err) {\n      return callback(err);\n    }\n\n    if (resp.statusCode !== 200) {\n      return callback(new Error(`[Response code: ${resp.statusCode}] ${body}`));\n    }\n\n    let bodyParsed;\n    try {\n      bodyParsed = JSON.parse(body);\n    } catch (jsonError) {\n      return callback(new Error(body));\n    }\n\n    \n    const profile = {\n      user_id: bodyParsed.id,\n      nickname: bodyParsed.username,\n      name: bodyParsed.username,\n    };\n\n    if (bodyParsed.email) {\n      profile.email = bodyParsed.email;\n      profile.email_verified = bodyParsed.verified;\n    }\n\n    \n    if (bodyParsed.avatar) {\n      profile.picture = `https://cdn.discordapp.com/avatars/${bodyParsed.id}/${bodyParsed.avatar}.png`;\n    }\n\n    return callback(null, profile);\n  });\n}"
		},
		"icon_url": "https://cdn.auth0.com/marketplace/catalog/content/assets/creators/discord/discord-avatar.png"",
		"tokenURL": "https://discordapp.com/api/oauth2/token"",
		"client_id": "YOUR_DISOCRD_CLIENT_ID",
		"client_secret": "YOUR_DISCORD_CLIENT_SECRET",
		"upstream_params": {
			"prompt": {
				"value": "none"
			}
		},
		"authorizationURL": "https://discordapp.com/api/oauth2/authorize"",
		"integration_name": "discord"
	}

This upstream_params object can be used to pass any other parameters that may be required to the upstream IdP (Discord in this case).

Please note that when PATCHing a connection, the entire “options” object needs to be sent, as it will overwrite the existing object.