
Discord as auth method
Open, Needs Triage (Public)

Description

I'm currently using Phorge as the task management for a non-commercial entity and we are using Discord as the chat and permission management. After talking with people, quite a lot of startups do the same. Therefore I propose adding Discord as an SSO method to Phorge that will allow better integration and more third-party auth methods.

I already have the basics in place but still lack the following functionality:

  • Import profile pic/avatar
  • Implement the guild/role concept for automatic on/offboarding of users


Event Timeline

How would I go about implementing it such that, for a user to sign in with Discord, they need to have certain roles?

Add 2 fields to the setup process where you can enter a server ID and a list of roles from that server. Initially an implementation that supports 1 server and a list of roles might be fine, but down the line a method to add multiple servers with different roles could also be interesting. For this, a JSON field containing the servers and roles for each server might be a better implementation from a functionality point of view but worse from a user interface, or a UI with server selection and role selection for the current user might also be a valid way of handling it. E.g. use the current user's token to fetch a list of servers and a list of roles of those servers.

Server/guilds might be used interchangeably as Discord isn't static with their naming either.

@valerio.bozzolan & @avivey What is the best practice for setting up the role/server check when new users attempt to auth via the OAuth? You can't set limits on the OAuth from Discord's side, so you'd need to set them up on Phorge. I've put down some ideas in the above comment.

Secondly, I can't seem to get the avatar working. The link should be returned in the correct format looking at the other auth providers, or maybe it's a deeper issue that requires a bit more digging?

I'd like to see this as an Extension rather than go into the rP, just because we want to have more stuff as extensions; I think this area is abstracted enough so that it can easily be made that way.

Re: multiple servers - is that actual different instances (different URI, credentials, etc), or something more user-facing division? If it's using different credentials, it would probably be simpler to allow defining multiple instances of the Auth Provider, one per server.

re: roles - are you asking about roles in Discord? So a user can only log in if they have some role(s) there?
I think you'll need to make another query in the register/link flow to monitor that. Not sure if it's possible in the Login flow, but if not, you could try mirroring the roles to Tags in Phorge (see https://secure.phabricator.com/T3980).

Re: avatar - basically, each website implements OAuth a little differently, which is why we have so much code for each provider... It's just a matter of figuring out what Discord expects you to do to get the avatar image.

> I'd like to see this as an Extension rather than go into the rP, just because we want to have more stuff as extensions; I think this area is abstracted enough so that it can easily be made that way.

That could be a good target for this as well. Are there docs on how extensions should be made?

> Re: multiple servers - is that actual different instances (different URI, credentials, etc), or something more user-facing division? If it's using different credentials, it would probably be simpler to allow defining multiple instances of the Auth Provider, one per server.

It's user-facing, e.g. you're a member of a given server with specific roles, and each user can be a member of multiple servers and each server has a unique set of roles. But it would be used to enable/disable users: auto-approved if they have the required roles, and login rejected if they don't.

> re: roles - are you asking about roles in Discord? So a user can only log in if they have some role(s) there?
> I think you'll need to make another query in the register/link flow to monitor that. Not sure if it's possible in the Login flow, but if not, you could try mirroring the roles to Tags in Phorge (see https://secure.phabricator.com/T3980).

> Re: avatar - basically, each website implements OAuth a little differently, which is why we have so much code for each provider... It's just a matter of figuring out what Discord expects you to do to get the avatar image.

Yeah, from what I understood it should just be the URL of an image; Discord doesn't lock these down behind any auth, and they are located on a CDN. The function is already in place in the diff I made, but it doesn't seem to work.

return sprintf('https://cdn.discordapp.com/avatars/%s/%s.png', $this->getOAuthAccountData('id'), $this->getOAuthAccountData('user_avatar'));

Doc(s) on new extensions: I remember having a chapter under /book/contrib/, but I can't find it now. We should build a guide under T15030.
Short answer: create a new repo, make an src dir with all the code, and run arc liberate to create a "library" (including __phutil_library_init__.php and __phutil_library_map__.php), and then add the path of the extension to load-libraries in conf.json.

Installing an extension is basically git-clone it and add to load-libraries.

We can host extensions here (https://we.phorge.it/diffusion/query/xc7VOj0h4yxf/).

> it would be used to enable/disable users: auto-approved if they have the required roles, and login rejected if they don't

Sounds like just adding a lot of specialized code in the AuthProvider class.

Sounds easy enough to implement.

Yeah, but the same code would be relevant for an AAD/AD auth provider in terms of roles.
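
The role gate discussed in this thread, as an added example that is not part of the thread or of Phorge's code: plain PHP that parses a JSON allow-list of servers and roles and decides whether a login may proceed, failing closed on bad configuration or a failed membership lookup. The function names and sample IDs are hypothetical; the member objects are assumed to come from Discord's `GET /users/@me/guilds/{guild.id}/member` endpoint (OAuth2 scope `guilds.members.read`), fetched with the user's token.

```php
<?php
// Added example; plain PHP, no Phorge classes. Function names are hypothetical.

// Parse {"<guild id>": ["<role id>", ...]}. Malformed input yields an empty
// policy, which permits nobody (fail closed).
function discord_parse_role_policy(string $json): array {
  $raw = json_decode($json, true);
  if (!is_array($raw)) {
    return [];
  }
  $policy = [];
  foreach ($raw as $guild_id => $role_ids) {
    if (!ctype_digit((string)$guild_id) || !is_array($role_ids)) {
      continue;
    }
    // Discord sends snowflake IDs as strings; accept only digit strings.
    $role_ids = array_filter($role_ids, fn($r) => is_string($r) && ctype_digit($r));
    if ($role_ids) {
      $policy[(string)$guild_id] = array_values($role_ids);
    }
  }
  return $policy;
}

// $members maps guild id => decoded guild member object, or null when the
// lookup failed (not a member, HTTP error, token lacks the scope).
// Login is allowed if the user holds at least one listed role in any
// configured guild; every other outcome is a rejection.
function discord_login_allowed(array $policy, array $members): bool {
  foreach ($policy as $guild_id => $required) {
    $member = $members[$guild_id] ?? null;
    if (!is_array($member) || !is_array($member['roles'] ?? null)) {
      continue;
    }
    if (array_intersect($required, $member['roles'])) {
      return true;
    }
  }
  return false;
}

// Constructed sample data; all IDs are made up.
$policy = discord_parse_role_policy(
  '{"100000000000000001": ["200000000000000001", "200000000000000002"]}');
$member = ['roles' => ['200000000000000002', '200000000000000009']];

var_dump(discord_login_allowed($policy, ['100000000000000001' => $member]));
var_dump(discord_login_allowed($policy, ['100000000000000001' => null]));
var_dump(discord_login_allowed(discord_parse_role_policy('not json'),
  ['100000000000000001' => $member]));
```

Running the check on every login, not only at registration, is what makes removing a role in Discord cut off the next sign-in.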