Implement OpenID Connect for increasing number of gaming apps/webapps using "Login with Discord"
I found a similar request like this but it's 3 years old. I want to resurrect this topic and share additional reasons why IMO I think this is important for every involved part, including discord.
- It's 2021, there is an increasing number of gaming webapps and apps which are using discord as de facto login provider. Actually, we are not using the oAuth2 API, but only the '/@me' oAuth endpoint to implement a 'Login with discord' feature. This results in an overkill for all actors involved: Discord authentication servers which must deal with a request every time we need our users to access a protected resource on our webapp/app, our servers which need to make such requests and our users who suffer the extra time for the additional round-trip.
- Google, Microsoft, Paypal and Apple are examples of big companies that implemented this standard on top of their oAuth APIs because of this.
- Without a standard like OpenID Connect, is harder for developers to implement the 'Login with Discord' feature and leads to each of them making its own implementation, which is very error-prone. This feature is strictly related to security for every app out there using 'Login with Discord', so implementing and standard with good docs is critical for security reasons.
Implementing OpenID Connect would allow us to verify the id_token from our users with the Discord Public key on our end, without needing additional network round-trips and thus saving all parts involved from such hassle and resource waste. Also, being a well-known and tested standard makes it easy for developers to implement it and discord developers to document it, with the consequent benefits in terms of safety and performance.
-
I was just searching online for an openid connect method for discord, and it's pretty disappointing to see there's feature requests from as far back as 2019. especially considering all the benefits OP mentions of using openid connect over plain oauth. I'd hands-down be adding "login with discord" buttons to my own apps and sites if this was provided.
discord, pls fix
0
Войдите в службу, чтобы оставить комментарий.
Комментарии
1 комментарий