Set Discord to Prompt = None #605
Conversation
|
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/nextauthjs/next-auth/ojdi60ris |
|
I think it's always better to provide a prompt so the user knows which data the application has access to. @iaincollins what are your thoughts about this one? |
|
@LoriKarikari I agree, but it will be great as a configurable option to the application owner. |
|
@nyedidikeke yes we should add an option to change this. |
|
@iaincollins I think we should leave the option as it is now but make it possible to change this value? |
|
The way that the prompt works is the first time the user auths with the app, they have to give consent. Then every time after, they don't (provided the scopes are the same). It's basically cookie/session based login just if you have a Discord session it still works. |
|
In that case, it's fine to merge this PR! Thanks for the clarification @anishanne! |
There was a problem hiding this comment.
@anishanne @LoriKarikari I don't think it's a good idea to change the current behaviour unless programmatically optional and easily configurable but should this be considered, let's not override #590 as Discordapp.com is now Discord.com.
|
@nyedidikeke I think it would be better to not request users for consent each time they decide to login, if the scopes are the same & its the same user, just log them right in. However I would agree that making it configurable might be the best bet here. |
|
I'm going to leave this one open and see what @iaincollins thinks about this. |
|
@anishanne @LoriKarikari @nyedidikeke Thanks everyone! I think Most providers with this way, though Google actually has the same option. By default they do not prompt after the initial sign in (unless you have multiple accounts, then sometimes you are asked to pick one). However with Google, you can request a prompt on sign in. Usually there are only some scenarios where a prompt is required and specific reasons for doing it. e.g. In the case of Google it can be used to to issue a Refresh Token again - as, unlike other providers, they usually only provide one on initial sign in and you are expected to store it in a database - their intended use case for prompting and re-issuing one is mobile or desktop applications (that persist sessions forever, but need to get it again if the user uninstalls and reinstalls the app as unlike a web app they don't usually store it in an online database). We can always add an example to the documentation for this for folks who might want to prompt if there is use case for it. If folks want to configure this they can always override the I agree it seems like |
|
Thanks folks! Will merge in now and will go out in the next release! |
|
🎉 This PR is included in version 3.2.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
When you set the value of
prompttononein the get params, Discord will not prompt the user if they have auth'd with your app before. (It will just display the page and then the page disappears and they are in.)Docs: https://discord.com/developers/docs/topics/oauth2#authorization-code-grant-authorization-url-example