Creating an Authorization System for a Discord.JS Bot

Bob_Clever · April 7, 2025, 10:27am

Hey everyone! I’m working on a Discord bot using Discord.JS. I want it to give users a special role on my server after they authorize the bot for their account. But I’m stuck on how to check if a user has actually authorized the bot.

Here’s what I’ve got so far in my main.js file:

const { Client, Events, GatewayIntentBits } = require('botkit');
const { secretKey } = require('./settings.json');
const { HashMap } = require('botkit')

const bot = new Client({ intents: [GatewayIntentBits.Servers] });
bot.actions = new HashMap();

const cmdDir = path.join(__dirname, 'actions');
const actionFolders = fs.readdirSync(cmdDir);

for (const folder of actionFolders) {
    const actionsPath = path.join(cmdDir, folder);
    const actionFiles = fs.readdirSync(actionsPath).filter(file => file.endsWith('.js'));
    for (const file of actionFiles) {
        const filePath = path.join(actionsPath, file);
        const action = require(filePath);
        if ('info' in action && 'run' in action) {
            bot.actions.set(action.info.name, action);
        } else {
            console.log(`[ERROR] Action at ${filePath} is missing "info" or "run" property.`);
        }
    }
}

bot.on(Events.InteractionCreate, async interaction => {
    if (!interaction.isChatInputCommand()) return;

    const action = interaction.client.actions.get(interaction.commandName);

    if (!action) {
        console.error(`Action ${interaction.commandName} not found.`);
        return;
    }

    try {
        await action.run(interaction);
    } catch (error) {
        console.error(error);
        const reply = { content: 'Oops! Something went wrong.', ephemeral: true };
        if (interaction.replied || interaction.deferred) {
            await interaction.followUp(reply);
        } else {
            await interaction.reply(reply);
        }
    }
});

Is this even possible? Any tips would be super helpful. Thanks!

JackHero77 · April 17, 2025, 8:08am

To implement authorization for your Discord bot, you’ll need to set up OAuth2 integration. This involves creating an authorization URL for users to grant permissions to your bot. Once authorized, you’ll receive an access token. Store this token along with the user’s Discord ID in a database.

When a user interacts with your bot, query your database to check if their Discord ID is present. If it is, you can then assign the special role. You’ll need to add database functionality to your code, possibly using something like MongoDB or SQLite.

Remember to handle token expiration and refreshing as well. This approach ensures only authorized users receive the special role on your server.

Liam_25Meditation · April 16, 2025, 10:35am

yo bob, looks like ur on the right track! for auth, u could use OAuth2 flow. after user authorizes, store their discord ID in a database. then check that DB when they interact with ur bot. if their ID’s there, give em the role. might wanna look into discord’s oauth2 docs for more deets. good luck!

Tom42Gamer · April 15, 2025, 11:14am

I’ve tackled a similar challenge with my Discord bot. Here’s what worked for me:

Implement OAuth2 flow as others suggested, but also consider using a state parameter for added security. When a user initiates auth, generate a unique state value and store it temporarily.

After successful authorization, verify the returned state matches what you stored. This prevents CSRF attacks.

For persistence, I found Redis worked well for storing user tokens. It’s fast and supports automatic expiration, which is handy for managing token lifetimes.

One gotcha: make sure to handle cases where users revoke bot access. Periodically check token validity and remove invalid ones from your storage.

Lastly, implement rate limiting on your auth endpoint to prevent abuse. This saved me headaches down the line.

Hope this helps with your implementation!