{"id":48456064,"url":"https://github.com/cclloyd/keycloak-discord-auth","last_synced_at":"2026-04-06T23:01:22.129Z","repository":{"id":349635028,"uuid":"1203214866","full_name":"cclloyd/keycloak-discord-auth","owner":"cclloyd","description":"An Identity Provider for Keycloak that can filter to only allow a single discord guild to login.","archived":false,"fork":false,"pushed_at":"2026-04-06T21:08:28.000Z","size":20,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-06T22:24:54.949Z","etag":null,"topics":["discord","identityprovider","keycloak","oidc","sso"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cclloyd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-06T20:45:36.000Z","updated_at":"2026-04-06T21:14:47.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/cclloyd/keycloak-discord-auth","commit_stats":null,"previous_names":["cclloyd/keycloak-discord-auth"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/cclloyd/keycloak-discord-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cclloyd%2Fkeycloak-discord-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cclloyd%2Fkeycloak-discord-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cclloyd%2Fkeycloak-discord-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cclloyd%2Fkeycloak-discord-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cclloyd","download_url":"https://codeload.github.com/cclloyd/keycloak-discord-auth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cclloyd%2Fkeycloak-discord-auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31492751,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T17:22:55.647Z","status":"ssl_error","status_checked_at":"2026-04-06T17:22:54.741Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["discord","identityprovider","keycloak","oidc","sso"],"created_at":"2026-04-06T23:00:49.411Z","updated_at":"2026-04-06T23:01:22.112Z","avatar_url":"https://github.com/cclloyd.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Keycloak Discord Identity Provider (Guild-Gated)\n\nCustom Keycloak SPI identity provider for Discord (Keycloak). Implements guild-gated first login where:\n- Existing users already linked to Discord can log in regardless of guild membership. (Done manually through user page on Keycloak admin console)\n- Otherwise you can specify a discord guild that the user must be a member of to be allowed to log in.\n\n## Build\n```bash\nmvn -DskipTests package\n```\nCopy the built JAR to your Keycloak providers dir (`/opt/keycloak/providers`)\n\n\n## Discord Setup\n1. Create a Discord application at https://discord.com/developers/applications\n2. Add an OAuth2 redirect URI matching your Keycloak realm/broker endpoint, e.g.:\n   - `https://\u003cyour-keycloak-host\u003e/realms/\u003crealm\u003e/broker/discord/endpoint`\n3. Note the Client ID and Client Secret.\n\n\n## Keycloak Setup\n1. Drop the JAR into your Keycloak providers directory and restart Keycloak.\n2. In the Admin Console → Identity Providers → Create, pick \"Discord\" (the custom provider from this SPI).\n3. Configure:\n   - Client ID / Client Secret from Discord Developer Portal\n   - Scopes: leave default (`identify email guilds`) or customize\n   - Required Discord Guild ID: set to your guild ID.\n4. First Broker Login Flow:\n   - Use the built-in \"First Broker Login\" flow, ensure it contains \"Review profile\" (or \"Update profile\").\n   - This will prompt the user for a username because this provider leaves `username` unset for first-time logins.\n   - Email is set from Discord; the user may be prompted to confirm/update if your flow requires it.\n\n\n## Behavior Details\n- Existing Linked Users:\n  - If a federated identity link already exists (Discord user ID linked to a local user), login is allowed with no guild check.\n- New Users (no link yet):\n  - Provider calls Discord `GET /users/@me/guilds` (requires `guilds` scope) and checks for the configured guild ID.\n  - If not a member → authentication error is thrown and login is blocked.\n  - If a member → Keycloak proceeds with First Broker Login; user account is created with email from Discord and username is requested.\n- Email:\n  - Requires `email` scope and that the Discord user granted it. If email is missing and your flow requires it, Keycloak will prompt via \"Review profile\".\n\n\n## Notes \u0026 Tips\n- Ensure your realm has a reliable username policy since users will be prompted to choose one.\n- If you prefer stricter email handling, add the \"Verify Email\" required action or execution in First Broker Login.\n- Discord scope `guilds` is sufficient to list guilds for the current user. No bot or privileged intents required.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcclloyd%2Fkeycloak-discord-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcclloyd%2Fkeycloak-discord-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcclloyd%2Fkeycloak-discord-auth/lists"}