Discord
OAuth 2.0 with the bot scope plus a server bot. The connect URL passes permissions=2048 (SEND_MESSAGES). Channel discovery uses the bot token via the bot API.
Authentication at a glance
| Field | Value |
|---|---|
| Auth model | OAuth 2.0 |
| Required ENV | DISCORD_CLIENT_ID, DISCORD_CLIENT_SECRET, DISCORD_BOT_TOKEN |
| Callback URL | ${BASE_URL}/api/v1/auth/discord/callback |
| Scopes / permissions | identify, guilds, bot |
| Auto token refresh | Yes — every 7 days before expiry |
ENV details
DISCORD_BOT_TOKEN is the bot's own token from the Discord Developer Portal — required for the backend to list channels and post on the bot's behalf.
How to connect
- Open Connections → Discord → Connect.
- Pick a guild you administer; Discord prompts to approve both the OAuth scopes and the bot invite.
- Sosyabot lists writable channels and selects the first as default.
Token refresh
Auto-refreshed. Default access-token TTL is 1 hour. Discord returns a new refresh token on every refresh; Sosyabot rotates them.
Notes
- The bot must be invited to the target guild for callback to succeed — the connect URL bundles the OAuth grant with the bot invite, but admins on the target guild must approve it.
- Channel listing only includes text (
type 0) and announcement (type 5) channels the bot can write to. The first writable channel is auto-selected as default. - Channel ID is composite:
${guildId}:${channelId}. Pick a different channel from the channel-picker after connect if needed.
Troubleshooting
If the channel shows needs_reconnect, the access token was rejected by Discord. Common causes:
- The user revoked Sosyabot's authorization on the platform.
- The platform invalidated the token (password change, security event).
- Your OAuth app credentials rotated and the existing tokens no longer match.
Re-run the connect flow above. See Troubleshooting for the workspace-wide checklist.