Skip to content

Instantly share code, notes, and snippets.

@Vap0r1ze
Last active April 7, 2024 14:54
Show Gist options
  • Save Vap0r1ze/776b0f841ce01fc2b0801933b79960df to your computer and use it in GitHub Desktop.
Save Vap0r1ze/776b0f841ce01fc2b0801933b79960df to your computer and use it in GitHub Desktop.
Discord OAuth2 Flow

Discord OAuth2

Step 1

You: Redirect User to https://discordapp.com/api/oauth2/authorize

Query Params
name value
client_id Your application's Client ID
scope A list of scopes, delimited by spaces
redirect_uri The uri to send the user after authorization

Step 2

Discord: Redirect User to redirect_uri

Query Params
name value
code Temporary code for requesting access token

Step 3

You: POST https://discordapp.com/api/oauth2/token

"Form Data" means the body must be sent as application/x-www-form-urlencoded

Form Data
name value
client_id Your application's client id
client_secret Your application's client secret
code Temporary code for requesting access token
grant_type "authorization_code"
redirect_uri The uri to send the user after authorization
Response JSON Data
name value
access_token Token used to make api requests as user
refresh_token Token used to get a new access token
expires_in Expiry time relative to now in seconds
scope List of scopes the access token has

Refreshing an access token

You: POST https://discordapp.com/api/oauth2/token

Form Data
name value
client_id Your application's client id
client_secret Your application's client secret
refresh_token Refresh token for desired user
grant_type "refresh_token"
@ascooper57
Copy link

The solution was to use qs to stringify and add the header:

    headers: {
      'content-type': 'application/x-www-form-urlencoded;charset=utf-8',
    },

@Vap0r1ze
Copy link
Author

Vap0r1ze commented Mar 2, 2021

For future reference, "Form Data" means the body must be sent as application/x-www-form-urlencoded

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment