Splunk: Authentication with Discord? Wht not! (OAuth 2.0)

As some of you may already know, thanks to OAuth standard (which stands for Open Authorization) we don't need a separate account for every single website. It allows us to share information about our Google account with a third party, such as our name and e-mail address. On many sites we are free to use that "Login with Google/Facebook/other" button to sign up and/or login. Thanks to OAuth we don't have to give our password to the app/website. Upon login we are redirected to the OAuth provider site to login there (for instance to our Google account). And now the best part - if we are already logged on the provider site, this is likely to result in instant login on a third party site (sometimes interrupted by a pop up to confirm OAuth scope). 

Here is a list of well-known OAuth providers (Wikipedia):
https://en.wikipedia.org/wiki/List_of_OAuth_providers

To get better understanding of OAuth 2.0 I would recommend reading these docs for developers:
Using OAuth 2.0 to Access Google APIs.

 Google clearly documents OAuth flow in multiple scenarios (sample diagram below).


Using Discord as OAuth 2.0 provider for Splunk

I have a (private) Splunk instance that I use to keep logs from game servers. Initially I was the only user, however now I would like to grant access to my gaming fellows. I would like to use Discord as my Identity Provider because it is the platform that each of us uses. The only issue is that Splunk does not support OAuth natively. Of course it might be accomplished by a scripted auth, however that's not an effort I am happy to take for my after-work fun project. Fortunately there is an easier solution, as Auth0 provides an out-of-the-box integration with Discord! As you may remember from my previous posts, I have already figured out how to set up Splunk with Auth0 and SAML:

  1. Splunk, Auth0 and SAML SSO - part 1: IdP configuration
  2. Splunk, Auth0 and SAML SSO - part 2: Splunk configuration

These are the few extra steps to enable Discord integration:

  1. Go to Discord Developer Portal and create a new app (or use an existing one, if you want).


  2. Select your new app and go to OAuth2 tab. Add new redirect URI (you need to point to Auth0).
    Also note your Client ID and Client Secret - you will need them later.


  3. Go to Auth0 dashboard and get Discord integration from the Marketplace (it is available for free). 
  4. Discord is going to appear in Authentication section under Social. Enter the Client ID and Client Secret under Settings tab.


  5. On Applications tab just select the app to use Discord integration. That's it!


  6. Once everything is ready, you are going to see Discord as an available Social login.


Comments

Popular posts from this blog

Study notes: Understanding DNSSEC

Linux: auditd fundamentals