My app is a SPA using vue on the front end and express on the back. I'm using redis and postgres as stores. I have my own permissions and role scheme that is separate from discord, so I need to map the discord user to the role and permissions I have locally on my site (I check for a specific role id when the user authenticates).

So I'm working on authenticating my users with discord. I also have local authentication (email, password). Some site functionality requires a user record, so if a user authenticates through discord I still have to create a record.

I'm using the authorization grant flow, so the user will click on the login through discord button, the authorize this app page will pop up and the user will grant the app authorization. Now I'm doing something a little different. Instead of navigating off site to authorize, I'm creating a popup window for the authorize window. When the user clicks on the authorize button, that popup window will be redirected to my api (not the front end client).

The api will validate the state and use the code to retrieve the access code. I then use access_token to retrieve the user (I need the id), and from that user id and a baked in guild id (atm) I use that to retrieve the guild member from the discord api. All in all that's 3 http requests going from my backend api to the discord api (the token, the user, and finally the guild member). I then create my own jwt token (I'm not using the token provided by discord since I need to embed my own roles and permission scheme, user info, etc. in the token so I can use it on the backend for further authentication).

Once I send the token to the front, I close the popup window.

My question is: this all seems extremely convoluted, and I'm wondering if I should just bite the bullet and do it the ordinary boring way (lol). I'm not entirely sure how I can get the token to the parent browser window either without using a socket. That would require me to have a naked unprotected socket, which seems like an extreme security concern.

Any advice would be appreciated.
Submitted May 20, 2020 at 05:17PM by _spacec0wb0y_
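
The backend steps described in the post above (validating the state, mapping the Discord guild member's roles to local roles, and issuing the site's own JWT), as an added example that is not part of the original post. The keys, the role id and all function names are constructed for illustration, and the three Discord HTTP requests are left out so the block runs offline.

```javascript
// Added example: keys, role ids and function names are constructed placeholders.
const crypto = require('node:crypto');

const STATE_KEY = 'constructed-state-key'; // load real keys from secret storage
const JWT_KEY = 'constructed-jwt-key';
const ROLE_MAP = new Map([['111111111111111111', 'moderator']]); // Discord role id -> local role

const b64u = (v) => Buffer.from(v).toString('base64url');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest('base64url');
const sameMac = (a, b) => {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
};

// state = nonce.expiry.mac; the MAC binds the value to the session that started the login
function createState(sessionId, now = Date.now(), ttlMs = 300000) {
  const body = `${crypto.randomBytes(16).toString('base64url')}.${now + ttlMs}`;
  return `${body}.${hmac(STATE_KEY, `${sessionId}.${body}`)}`;
}

function verifyState(state, sessionId, now = Date.now()) {
  const parts = String(state).split('.');
  if (parts.length !== 3) return false;
  const [nonce, exp, mac] = parts;
  if (!sameMac(mac, hmac(STATE_KEY, `${sessionId}.${nonce}.${exp}`))) return false;
  return Number(exp) > now;
}

// Translate the guild member's Discord role ids into local roles; unknown ids are dropped.
function localRoles(member) {
  return (member.roles || []).map((id) => ROLE_MAP.get(id)).filter(Boolean);
}

function mintJwt(userId, roles, now = Date.now(), ttlSec = 900) {
  const iat = Math.floor(now / 1000);
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: userId, roles, iat, exp: iat + ttlSec }));
  return `${head}.${body}.${hmac(JWT_KEY, `${head}.${body}`)}`;
}

function verifyJwt(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  if (!sameMac(sig, hmac(JWT_KEY, `${head}.${body}`))) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}
```

The state check rejects a callback that arrives in a different session or after the expiry, and the JWT check recomputes the HMAC itself rather than trusting the `alg` field in the token header.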