Modern Discord OAuth made simple. disauth wraps the Discord OAuth2 and REST APIs with safe defaults, PKCE helpers, and rich typings so you can add login flows to bots, dashboards, and tooling faster.
/users/@me, guilds, and linked connectionsClient, plus utilities like generatePkcePairpnpm add disauth
# or
npm install disauth
# or
yarn add disauth
# or
bun add disauth
import { Client } from "disauth";
const client = new Client({
clientId: process.env.DISCORD_CLIENT_ID!,
clientSecret: process.env.DISCORD_CLIENT_SECRET!,
redirectUri: "https://your-app.dev/oauth/callback",
scopes: ["identify", "email"],
});
// 1. Redirect users to Discord
const authUrl = client.generateAuthUrl("state-token");
// 2. Exchange the authorization code in your OAuth callback handler
const { access_token, refresh_token } = await client.exchangeCode(code);
// 3. Call Discord APIs on behalf of the user
const user = await client.getUser(access_token);
PKCE is pre-baked: generate a verifier/challenge pair on the client, send the challenge with the authorization URL, and later pass the verifier when exchanging the code.
import { Client, generatePkcePair } from "disauth";
const pkce = generatePkcePair();
const authUrl = client.generateAuthUrl({
state: "csrf-token",
codeChallenge: pkce.challenge,
codeChallengeMethod: pkce.method,
});
// Later in the callback route
const tokens = await client.exchangeCode(code, pkce.verifier);
const tokens = await client.exchangeClientCredentials([
"applications.commands",
]);
const guilds = await client.api("/users/@me/guilds", access_token);
Pass a full URL to hit custom endpoints or proxies. Headers and request options can be overridden via the third parameter.
await client.revokeToken(refresh_token, { tokenTypeHint: "refresh_token" });
Errors thrown by the client extend DiscordHttpError. OAuth-specific issues raise DiscordOAuthError with the raw payload attached.
import { DiscordOAuthError } from "disauth";
try {
await client.exchangeCode(code);
} catch (error) {
if (error instanceof DiscordOAuthError) {
console.error(error.error, error.description);
}
}
The package exports the complete list of scopes (DISCORD_OAUTH_SCOPES), prompt types, connection and guild interfaces, and Discord endpoints for convenience.
FAQs
Discord authentication library for Node.js applications using OAuth2.
We found that disauth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.