I’m developing a Discord bot that should work with a third-party learning management system API to retrieve users’ course details and assignment alerts. The bot needs to access information like course listings and assignment deadlines for its users.
The straightforward method would be to request the users to provide their API authentication tokens directly in Discord, but this approach clearly breaches several terms of service.
While I have a basic understanding of the OAuth2 process, I’m struggling to figure out how to implement it with my Discord bot acting as the client and the LMS system maintaining the private user information.
I’m especially confused about executing the OAuth2 process without a web interface, as a Discord bot operates more like a command line application. Additionally, I’m uncertain about the redirect_uri parameter when there isn’t a web page involved in the authentication.
I tried conducting the OAuth2 workflow by sending a request to this endpoint:
https://school-lms.edu/auth/oauth/authorize?client_id=ABC123&response_type=code&redirect_uri=https://mysite.com/callback&state=XYZ&scope=read_courses%20read_assignments
I’m unsure of what to input for client_id since the LMS only allows creating access tokens. Furthermore, I’m still confused about the right redirect_uri to provide since my application doesn’t feature any web-based elements.
Any advice would be greatly appreciated!
OAuth2 without a web interface is tricky but totally doable. Spin up a localhost server that opens automatically when the user runs your auth command - something like http://localhost:8080/callback. Most LMS systems accept localhost URLs for development. User clicks the auth link, completes OAuth in their browser, gets redirected back to your local server which grabs the code and shuts down. Way cleaner than hosting a separate web server IMO.
You’re hitting a common issue with Discord bots and OAuth2. Even though it’s a bot, you still need a web component to handle the OAuth2 callback. Here’s how I solved it: I built a minimal web server that catches the OAuth2 callback and links the authorization back to the Discord user. For your client_id problem - you need to register your app with the LMS’s OAuth2 provider first. Most educational systems have a developer portal or admin section where you can create OAuth2 apps. Those ‘access tokens’ you mentioned are probably for a different auth method. For the redirect_uri, set up a simple Express server (or whatever) that takes the authorization code, swaps it for an access token, and stores the token with the Discord user ID. Send users to your web endpoint through Discord, and after they authorize, show them a ‘return to Discord’ message. The flow looks like: Discord command → bot sends auth URL → user authorizes via web → your server gets callback → token stored → user goes back to Discord. This keeps everything secure while bridging Discord’s command interface with OAuth2’s web-based flow.
I hit this exact problem when connecting my Discord bot to Canvas API. OAuth2 needs a web redirect, so you’ll need a hybrid setup. First, register your app with your LMS’s OAuth2 system - this isn’t the same as generating API tokens. Most educational platforms have a developer section where you can create OAuth2 apps and grab your client_id and client_secret. For the redirect_uri, I built a simple web server that handles the OAuth callback. When users need to authenticate, the bot sends them a personalized auth URL with their Discord user ID in the state parameter. After they complete OAuth on the LMS site, my callback gets the authorization code, swaps it for an access token, and saves that token in a database tied to their Discord ID. Then they just go back to Discord and use the bot normally. This keeps everything secure while working with both platforms’ limits. The web part doesn’t need to be fancy - just a basic callback handler that connects the OAuth response to your Discord bot’s database.