Discord OAuth2 Access_Token is Opaque #4090
Unanswered
zachsmith1
asked this question in
API Feature Requests & Ideas
Replies: 1 comment
You should be doing the token exchange on your backend. If you do that, I don't see any way that it could be tampered with or not received from Discord. (Unless different parts of your backend don't trust each other, but I'm not sure what to suggest at that point.)
Can Discord support Audience for Authorization Code Flow? It appears the code returned is an opaque token.
During my OAuth2 Authorization Code flow, if I want to send the user's token to one of my backend services, I want to be able to validate the token without making an additional API call to Discord. Typically this is done by checking the signature/etc. and comparing it to the payload to ensure Discord was the issuer and it wasn't tampered with. Maybe I'm missing something, but I need to validate the access_token on a backend service and don't want to use API calls to do so.
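The local validation the question describes (signature, issuer, audience), as an added example that is not part of the original thread or of Discord's API; it also shows why an opaque token gives such a check nothing to work with. HS256 with a shared key stands in here for the asymmetric signatures issuers commonly use, and the key, issuer, audience and token values are all constructed for the demo.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"            # constructed sample value
ISS = "https://issuer.example"           # hypothetical issuer
AUD = "orders-service"                   # hypothetical audience
OPAQUE = "c0nstructedOpaqueAccessToken"  # constructed; no structure to inspect

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token for the demo (not a Discord token)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def validate_locally(token: str, key: bytes, issuer: str, audience: str):
    """Return (claims, None) on success or (None, reason) on failure."""
    parts = token.split(".")
    if len(parts) != 3:
        return None, "opaque"            # nothing to verify without a lookup
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
    except ValueError:                   # bad base64, bad UTF-8 or bad JSON
        return None, "opaque"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None, "opaque"
    if header.get("alg") != "HS256":     # pin the algorithm; never trust the header
        return None, "bad-alg"
    signed = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None, "bad-signature"     # tampered, or minted by someone else
    if claims.get("iss") != issuer:
        return None, "bad-issuer"
    if claims.get("aud") != audience:    # token was issued for another service
        return None, "bad-audience"
    return claims, None                  # expiry checks omitted for brevity
```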