Connecting services efficiently is essential in many technology projects. The Client Credentials flow, shown here with Discord, illustrates how services can authenticate to each other without manual intervention, driving automation and process optimization. This use in Discord is relevant for rapid testing and bot development, and it also deepens the understanding of machine-based authentication flows.
To implement this flow, you need to create an application on the Discord developer portal. Follow these steps:
As you continue, you will identify the key elements for authentication:

- `client_id` and expose the `client_secret`, entering your authentication code if necessary.

You will implement a simple Express server. Here are the essential steps:

- `client_id` and `client_secret`.
- `identify` and `guilds`, to access user and server data respectively.

With the above defined, the authentication scheme will look like the following:
```javascript
const express = require('express');
const fetch = require('node-fetch'); // require() works with node-fetch v2; v3 is ESM-only
require('dotenv').config(); // loads CLIENT_ID and CLIENT_SECRET from .env

const app = express();
const DISCORD_TOKEN_URL = 'https://discord.com/api/oauth2/token';
const client_id = process.env.CLIENT_ID;
const client_secret = process.env.CLIENT_SECRET;
const scopes = 'identify guilds';

app.listen(3005, () => {
  console.log('Server running on http://localhost:3005');
});
```
The request flow is direct and is carried out in the following way:
- `client_id` and `client_secret`.
- `access_token`, which you will rename for later use in camelCase.

```javascript
// Form-encoded body for the client_credentials grant
const params = new URLSearchParams();
params.append('client_id', client_id);
params.append('client_secret', client_secret);
params.append('grant_type', 'client_credentials');
params.append('scope', scopes);

// Request the access token from Discord's token endpoint
fetch(DISCORD_TOKEN_URL, {
  method: 'POST',
  body: params,
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
  },
})
  .then(response => response.json())
  .then(data => {
    const accessToken = data.access_token; // renamed to camelCase
    fetchWithToken(accessToken);
  })
  .catch(console.error);
```
Authentication lets you interact with Discord user and server data. Configure the fetch calls for this interaction:
```javascript
function fetchWithToken(token) {
  // The access token is sent as a Bearer credential on every API call
  const options = {
    headers: {
      'Authorization': `Bearer ${token}`,
    },
  };

  // Fetch user data
  fetch('https://discord.com/api/users/@me', options)
    .then(response => response.json())
    .then(userData => console.log(userData))
    .catch(console.error);

  // Fetch guild data
  fetch('https://discord.com/api/users/@me/guilds', options)
    .then(response => response.json())
    .then(guildData => console.log(guildData))
    .catch(console.error);
}
```
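A hardened variant of the token request above, as an added example that is not part of the course code: it sends the credentials with HTTP Basic authentication instead of the form body, validates the response before using `access_token`, and caches the token until shortly before `expires_in` elapses. The function names, the 60-second refresh margin and the injectable `fetchImpl` and `now` parameters are assumptions of this example.

```javascript
// Added example (not course code): hardened client-credentials token client.
const TOKEN_URL = 'https://discord.com/api/oauth2/token'; // URL from the page

// Credentials go in the Authorization header (HTTP Basic), not the form body.
function buildTokenRequest(clientId, clientSecret, scope) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    method: 'POST',
    headers: {
      'Authorization': `Basic ${basic}`,
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({ grant_type: 'client_credentials', scope }).toString(),
  };
}

// Validate the token endpoint's answer instead of trusting data.access_token.
function parseTokenResponse(status, data, nowMs) {
  if (status !== 200) {
    // Surface only the OAuth error code; never echo the request or the secret.
    throw new Error(`token request failed: HTTP ${status} ${(data && data.error) || ''}`.trim());
  }
  if (!data || typeof data.access_token !== 'string' || data.access_token === '') {
    throw new Error('token response has no access_token');
  }
  if (String(data.token_type).toLowerCase() !== 'bearer') {
    throw new Error('unexpected token_type');
  }
  const lifetime = Number(data.expires_in) || 0;
  return {
    accessToken: data.access_token,
    scopes: String(data.scope || '').split(' ').filter(Boolean),
    // Refresh 60 s early (assumed margin) so a cached token is never used past expiry.
    expiresAt: nowMs + Math.max(0, lifetime - 60) * 1000,
  };
}

// Returns getToken(): at most one network call per token lifetime, cached in memory.
// fetchImpl and now are injectable (hypothetical parameters) so the logic can be tested offline.
function createTokenProvider({ clientId, clientSecret, scope, fetchImpl = globalThis.fetch, now = Date.now }) {
  let cached = null;
  return async function getToken() {
    if (cached && now() < cached.expiresAt) return cached.accessToken;
    const res = await fetchImpl(TOKEN_URL, buildTokenRequest(clientId, clientSecret, scope));
    const data = await res.json().catch(() => null);
    cached = parseTokenResponse(res.status, data, now());
    return cached.accessToken;
  };
}
```

Comparing the returned `scopes` with the ones requested shows whether the token carries more or less access than the service needs.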
This flow is ideal for machine-to-machine integrations, where direct human interaction is not required. It is efficient for:
As a challenge, try implementing Client Credentials in a service other than Discord to broaden your practical understanding and strengthen your API integration skills. Remember that perseverance and constant practice are key in the world of technology development. Keep learning and experimenting with new integrations!