I found a similar request like this but it's 3 years old. I want to resurrect this topic and share additional reasons why IMO I think this is important for every party involved, including Discord.
- It's 2021, and there is an increasing number of gaming webapps and apps which are using Discord as a de facto login provider. Actually, we are not using the OAuth2 API, but only the '/@me' OAuth endpoint to implement a 'Login with Discord' feature. This results in overkill for all actors involved: Discord authentication servers, which must deal with a request every time we need our users to access a protected resource on our webapp/app; our servers, which need to make such requests; and our users, who suffer the extra time for the additional round-trip.
- Google, Microsoft, PayPal and Apple are examples of big companies that implemented this standard on top of their OAuth APIs because of this.
- Without a standard like OpenID Connect, it is harder for developers to implement the 'Login with Discord' feature, and it leads to each of them making their own implementation, which is very error-prone. This feature is strictly related to security for every app out there using 'Login with Discord', so implementing a standard with good docs is critical for security reasons.
Implementing OpenID Connect would allow us to verify the id_token from our users with the Discord public key on our end, without needing additional network round-trips, thus saving all parties involved from such hassle and resource waste. Also, being a well-known and tested standard makes it easy for developers to implement it and for Discord developers to document it, with the consequent benefits in terms of safety and performance.