feat(auth): add Discord as auth provider with guild membership verification #1354

Open: evanjacobson wants to merge 17 commits into main from feature/user-profile-connect-social-accounts

evanjacobson (Contributor) commented Mar 20, 2026

Summary

  • Add Discord as an OAuth auth provider on the user profile page, using a separate Discord OAuth app (distinct from the existing bot)
  • Add Discord guild membership verification — checks if the user is a member of the Kilo Discord server via the bot API
  • Auto-verify guild membership when a user first links their Discord account; re-verify button available for non-members
  • New DB migration adds discord_server_member and discord_server_member_at columns to kilocode_users

Verification

  • pnpm typecheck — passes
  • pnpm test — passes
  • Link Discord account on profile page
  • Guild membership auto-verifies after linking
  • Re-verify button works for non-members
  • Soft delete nullifies new Discord columns

Visual Changes

New "Discord Server Membership" card on the user profile page showing:

  • Prompt to link Discord if not connected
  • Green checkmark with verification date if user is a Kilo Discord member
  • "Not a member" status with invite link and re-verify button otherwise

Loom (Kilo Team only)

https://www.loom.com/share/3512eb86ef38454d86c95fa7cbfc51f1

Other PRs for this feature

#1356

Reviewer Notes

  • Discord OAuth app env vars (DISCORD_OAUTH_CLIENT_ID, DISCORD_OAUTH_CLIENT_SECRET) are separate from the existing bot token (DISCORD_OAUTH_BOT_TOKEN) — the bot token is used server-side for guild membership checks
  • discord_provider_account_id was intentionally excluded from the getDiscordGuildStatus response to minimize API surface
  • Guild check errors are caught and sanitized to avoid leaking internal details (rate limits, missing env vars) to the client

Add Discord OAuth provider (identify+email) to NextAuth, following
the existing GitHub/GitLab/LinkedIn pattern. Includes DB migration
for discord_server_member tracking columns, GDPR soft-delete coverage,
DiscordLogo component, and provider metadata registration.

Add backend service to check Discord guild membership via Bot API,
tRPC routes for querying/verifying status, and DiscordGuildStatus
UI component on the Connected Accounts page.

Use DISCORD_OAUTH_CLIENT_ID, DISCORD_OAUTH_CLIENT_SECRET, and
DISCORD_OAUTH_BOT_TOKEN for the user-linking OAuth app, keeping
the existing DISCORD_* vars untouched for the bot integration.

When a user lands on /connected-accounts with Discord linked but
never verified, automatically trigger the guild membership check
instead of requiring a manual button click.

…useEffect dependency array. The mutate function is referentially stable, so this resolves the @tanstack/query/no-unstable-deps lint error.

…ider ID from response

Wrap checkDiscordGuildMembership in try/catch to prevent leaking
internal error details (rate limits, missing env vars) to the client.
Remove discord_provider_account_id from getDiscordGuildStatus response
since the client never uses it.

…ame, clear on unlink

- Remove discord_server_member boolean; use discord_server_membership_verified_at
  timestamp alone (non-null = member, null = not verified/not a member)
- Add display_name column to user_auth_provider and store Discord username
- Clear discord_server_membership_verified_at when unlinking Discord
- Regenerate migration (0057) to reflect new schema

…xception

- Remove client-side auto-verify useEffect; verify guild membership
  server-side during account creation and linking instead
- Extract tryVerifyDiscordGuildMembership helper to avoid duplication
- Replace console.error with captureException for Discord API errors
- Simplify DiscordGuildStatus component to be purely declarative
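
The server-side guild check and error sanitization described in the Reviewer Notes and in the try/catch commit above, as an added example that is not part of this PR or the project's code. `classifyMemberResponse`, `checkGuildMembership` and the injected `get` and `report` callbacks are hypothetical names; the endpoint and error code 10007 are assumed from Discord's public HTTP API, not taken from the page.

```typescript
// Added example: every name here is hypothetical, not taken from the PR.
type GuildCheck = "member" | "not_member" | "unavailable";
interface Classified {
  result: GuildCheck; // the only value the client receives
  internal?: string;  // detail for server-side error reporting only
}
interface HttpResponse { status: number; json(): Promise<unknown>; }
type HttpGet = (url: string, headers: Record<string, string>) => Promise<HttpResponse>;

const SNOWFLAKE = /^[0-9]{1,20}$/; // Discord IDs are decimal 64-bit integers

// Interpret a response from Discord's "Get Guild Member" endpoint.
// Fails closed: only a 200 whose user.id matches counts as membership.
function classifyMemberResponse(status: number, body: unknown, userId: string): Classified {
  const obj = (typeof body === "object" && body !== null ? body : {}) as Record<string, unknown>;
  if (status === 200) {
    const user = obj["user"] as { id?: unknown } | null | undefined;
    return user && user.id === userId
      ? { result: "member" }
      : { result: "unavailable", internal: "200 but user.id mismatch" };
  }
  // 10007 = Unknown Member. Any other 404 (e.g. unknown guild) is a config error.
  if (status === 404 && obj["code"] === 10007) return { result: "not_member" };
  return { result: "unavailable", internal: `discord status ${status} code ${String(obj["code"])}` };
}

async function checkGuildMembership(
  get: HttpGet, botToken: string, guildId: string, userId: string,
  report: (detail: string) => void, // stand-in for an error reporter
): Promise<GuildCheck> {
  // Reject anything that is not a numeric ID before it reaches the URL path.
  if (!SNOWFLAKE.test(guildId) || !SNOWFLAKE.test(userId)) {
    report("non-numeric guild or user id");
    return "unavailable";
  }
  try {
    const res = await get(
      `https://discord.com/api/v10/guilds/${guildId}/members/${userId}`,
      { Authorization: `Bot ${botToken}` }, // bot token never leaves the server
    );
    const body = await res.json().catch(() => null);
    const { result, internal } = classifyMemberResponse(res.status, body, userId);
    if (internal) report(internal);
    return result;
  } catch (err) {
    report(`request failed: ${String(err)}`);
    return "unavailable";
  }
}
```
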

evanjacobson marked this pull request as ready for review March 21, 2026 01:49

kilo-code-bot (bot, Contributor) commented Mar 21, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (1 files)
  • src/components/profile/DiscordGuildStatus.tsx

Reviewed by gpt-5.4-20260305 · 188,540 tokens
