FluxyAPIFluxyAPI
BlocksOAuth Providers

Discord OAuth2 Exchange

Authenticate users via Discord's OAuth2 to retrieve access tokens and user profile data.

The Discord OAuth2 Exchange block allows you to exchange an authorization code for a Discord access token and basic user information. This is used for implementing "Log in with Discord" or interacting with the Discord API on behalf of a user.

Core Concept

After a user authorizes your application on Discord, they are sent back to your Redirect URI with a code. This block exchanges that code for a token, which allows you to identify the user and perform actions in their name.

Configuration

FieldRequiredDescription
Client IDYour Discord application's Client ID from the Discord Developer Portal.
Client SecretYour Discord application's Client Secret. Must be stored as a Secret.
Redirect URIThe URI where Discord redirects the user after authorization.
Authorization CodeThe code received from Discord (e.g., {request.query.code}).
Access Token VariableThe variable name where the resulting data will be stored.
Security Requirement

Always store your Client Secret in the project's Secrets configuration. Never hardcode it as a plain string in the block.

Output

Once executed, the block stores a JSON object in your specified variable:

{
  "tokens": {
    "access_token": "6qrZcUqja7812RVdnEKjpzOL4CvHBFG",
    "token_type": "Bearer",
    "expires_in": 604800,
    "refresh_token": "D43f5y0ahjqew82jZ4NViEr2YafMKhue",
    "scope": "identify"
  },
  "user": {
    "id": "80351110224678912",
    "username": "nelliel",
    "discriminator": "0001",
    "avatar": "8342729096ea3675442027381ff50fd2",
    "email": "[email protected]"
  }
}

You can access specific fields using dot notation:

  • {discord_auth.user.username}
  • {discord_auth.tokens.access_token}

Error Handling

  • MISSING_CLIENT_ID — The Client ID field is empty.
  • MISSING_CLIENT_SECRET — The Client Secret selection is empty.
  • MISSING_REDIRECT_URI — The Redirect URI is missing.
  • MISSING_CODE — No authorization code was provided.
  • SECRET_RETRIEVE_ERROR — Failed to retrieve the secret from storage.
  • INVALID_CODE — The authorization code is invalid or has already been used.
  • INVALID_CLIENT — Client authentication failed (check your Client Secret).
  • INVALID_REDIRECT_URI — The Redirect URI does not match the one registered in Discord.
  • INVALID_REQUEST — The request is missing a required parameter.
  • USER_FETCH_ERROR — Failed to retrieve the user profile after token exchange.
  • RUNTIME_ERROR — An unexpected error occurred.

Example

  1. User Login: Redirect your user to Discord's Auth URL.
  2. Callback: Discord redirects to your endpoint: https://your-api.com/callback?code=abc123xyz.
  3. Exchange: Use this block to process the code:
    • Authorization Code: {request.query.code}
    • Access Token Variable: discord_session
  4. Result: You now have the user's ID {discord_session.user.id} to identify them in your database.

Other OAuth Providers

On this page