Receiving Could not get result from torus nodes Duplicate token found error when using Custom verifier for Discord.
- This is because Discord issues the same token for 30 mins.
- We revoke it for you for default verifiers( such as when using Web3Auth Modal
@webauth/modal). - But when using Custom Verifier for Discord, the integrating dApps have to revoke the token themself before attempting the next login by using discord clientId and the secret to revoke the token.
Here’s the sample code to revoke the token:
const axios = require("axios").default;
const FormData = require("form-data");
const { DISCORD_CLIENT_SECRET, DISCORD_CLIENT_ID } = process.env;
const { token } = req.body;
const formData = new FormData();
formData.append("token", token);
await axios.post("https://discord.com/api/oauth2/token/revoke", formData, {
headers: {
...formData.getHeaders(),
Authorization: `Basic ${Buffer.from(`${DISCORD_CLIENT_ID}:${DISCORD_CLIENT_SECRET}`, "binary").toString("base64")}`,
},
});
Thank you @shahbaz! Any idea on how we get the Discord token before sending it to the backend? Thank you!
@shahbaz - btw, is it safe to revoke the token from the client side? I guess not, because the call involves the DISCORD_CLIENT_SECRET, though in the example demo app the revocation is done client side and I see no warnings so I’m a bit confused: https://github.com/Web3Auth/web3auth-pnp-examples/blame/7ddbcf05e191df113b05e79d8888e24b603fcc79/web-no-modal-sdk/custom-authentication/single-verifier-examples/discord-no-modal-example/src/App.tsx#L185
I agree with you, @rafael.korbas. The process should be performed only on the server side and not on the client side. Thank you for bringing this to my attention. I will add a comment in the code snippet to clarify that it was just for demonstration purposes.
1 Like