Skip to content

feat(auth): add Discord as auth provider with guild membership verification#1354

Merged
evanjacobson merged 19 commits intomainfrom
feature/user-profile-connect-social-accounts
Mar 23, 2026
Merged

feat(auth): add Discord as auth provider with guild membership verification#1354
evanjacobson merged 19 commits intomainfrom
feature/user-profile-connect-social-accounts

Conversation

@evanjacobson
Copy link
Contributor

@evanjacobson evanjacobson commented Mar 20, 2026
edited
Loading

Summary

  • Add Discord as an OAuth auth provider on the user profile page, using a separate Discord OAuth app (distinct from the existing bot)
  • Add Discord guild membership verification — checks if the user is a member of the Kilo Discord server via the bot API
  • Auto-verify guild membership when a user first links their Discord account; re-verify button available for non-members
  • New DB migration adds discord_server_member and discord_server_member_at columns to kilocode_users

Verification

  • pnpm typecheck — passes
  • pnpm test — passes
  • Link Discord account on profile page
  • Guild membership auto-verifies after linking
  • Re-verify button works for non-members
  • Soft delete nullifies new Discord columns

Visual Changes

New "Discord Server Membership" card on the user profile page showing:

  • Prompt to link Discord if not connected
  • Green checkmark with verification date if user is a Kilo Discord member
  • "Not a member" status with invite link and re-verify button otherwise

Loom (Kilo Team only)

https://www.loom.com/share/3512eb86ef38454d86c95fa7cbfc51f1

Other PRs for this feature

#1356

Reviewer Notes

  • Discord OAuth app env vars (DISCORD_OAUTH_CLIENT_ID, DISCORD_OAUTH_CLIENT_SECRET) are separate from the existing bot token (DISCORD_OAUTH_BOT_TOKEN) — the bot token is used server-side for guild membership checks
  • discord_provider_account_id was intentionally excluded from the getDiscordGuildStatus response to minimize API surface
  • Guild check errors are caught and sanitized to avoid leaking internal details (rate limits, missing env vars) to the client

@evanjacobson
feat(auth): add Discord as auth provider with guild membership schema
112d0ba 
Add Discord OAuth provider (identify+email) to NextAuth, following
the existing GitHub/GitLab/LinkedIn pattern. Includes DB migration
for discord_server_member tracking columns, GDPR soft-delete coverage,
DiscordLogo component, and provider metadata registration.
@evanjacobson
feat(auth): add Discord guild membership verification
ede8fa5 
Add backend service to check Discord guild membership via Bot API,
tRPC routes for querying/verifying status, and DiscordGuildStatus
UI component on the Connected Accounts page.
@evanjacobson
docs(plans): update connect-socials tracking to reflect completed imp…
5e5d4e4 
…lementation
@evanjacobson
chore: rename DISCORD_GUILD_ID to DISCORD_SERVER_ID to match env var
67729b4
@evanjacobson
refactor(auth): separate Discord OAuth app env vars from existing bot
4cc3152 
Use DISCORD_OAUTH_CLIENT_ID, DISCORD_OAUTH_CLIENT_SECRET, and
DISCORD_OAUTH_BOT_TOKEN for the user-linking OAuth app, keeping
the existing DISCORD_* vars untouched for the bot integration.
@evanjacobson
feat(auth): auto-verify Discord guild membership after linking
06c3626 
When a user lands on /connected-accounts with Discord linked but
never verified, automatically trigger the guild membership check
instead of requiring a manual button click.
@evanjacobson
feat(auth): add Kilo Discord server invite link to guild status UI
2de4a42
@evanjacobson
Merge branch 'main' of github.com:Kilo-Org/cloud into feature/user-pr…
4963d67 
…ofile-connect-social-accounts
@evanjacobson
Destructured mutate from verifyMutation and used verifyMutate in the …
8951f2f 
…useEffect dependency array. The mutate function is referentially stable, so this resolves the @tanstack/query/no-unstable-deps lint error.
@evanjacobson
fix(auth): sanitize Discord guild check errors and remove unused prov…
196b0f6 
…ider ID from response

Wrap checkDiscordGuildMembership in try/catch to prevent leaking
internal error details (rate limits, missing env vars) to the client.
Remove discord_provider_account_id from getDiscordGuildStatus response
since the client never uses it.
@evanjacobson
refactor(auth): collapse discord_server_member columns, add display_n…
c832c1f 
…ame, clear on unlink

- Remove discord_server_member boolean; use discord_server_membership_verified_at
  timestamp alone (non-null = member, null = not verified/not a member)
- Add display_name column to user_auth_provider and store Discord username
- Clear discord_server_membership_verified_at when unlinking Discord
- Regenerate migration (0057) to reflect new schema
@evanjacobson evanjacobson mentioned this pull request Mar 21, 2026
Draft
7 tasks
@evanjacobson
refactor(auth): move Discord auto-verify server-side and use captureE…
181a3a5 
…xception

- Remove client-side auto-verify useEffect; verify guild membership
  server-side during account creation and linking instead
- Extract tryVerifyDiscordGuildMembership helper to avoid duplication
- Replace console.error with captureException for Discord API errors
- Simplify DiscordGuildStatus component to be purely declarative
@evanjacobson
(chore) oxfmt
38106bc
@evanjacobson
fix(test): add display_name to multi-auth test linkAuthProviderToUser…
abcc6ee 
… calls
@evanjacobson
Remove extraneous file
7164140
@evanjacobson evanjacobson marked this pull request as ready for review March 21, 2026 01:49
kilo-code-bot[bot]
kilo-code-bot bot reviewed Mar 21, 2026
View reviewed changes
@kilo-code-bot
Copy link
Contributor

kilo-code-bot bot commented Mar 21, 2026
edited
Loading

Code Review Summary

Status: 2 Issues Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 0
WARNING 2
SUGGESTION 0
Issue Details (click to expand)

No new issues found in the incremental diff.

Other Observations (not in diff)

Issues found in unchanged code that cannot receive inline comments:

File Line Issue
src/lib/integrations/discord-guild-membership.ts 16 Unbounded Discord API call can stall auth flows
src/components/profile/DiscordGuildStatus.tsx N/A Query failures are rendered as "not a member"

Resolved in new commits: the previous src/lib/user.ts error-swallowing concern is addressed by logging Discord verification failures to Sentry.

Files Reviewed (3 files)
  • packages/db/src/migrations/0058_social_connect.sql - 0 issues
  • packages/db/src/migrations/meta/_journal.json - 0 issues
  • src/lib/user.ts - 0 new issues; previous Sentry logging concern resolved

Fix these issues in Kilo Cloud

Reviewed by gpt-5.4-20260305 · 533,150 tokens

@evanjacobson
Address two review comments: added abort timeout to membership check,…
27a6763 
… and added an error message when membership check fails
@evanjacobson
Update to official Discord invite
90637e6
@evanjacobson
Merge origin/main into feature/user-profile-connect-social-accounts
f86010b 
Regenerated drizzle migration as 0058 to resolve collision with
0057_backfill_billing_misclassified from main.
jeanduplessis
jeanduplessis approved these changes Mar 23, 2026
View reviewed changes
@evanjacobson
fix: log discord membership verification errors to Sentry
08935db 
Report caught errors with operation tag and user context instead of
silently swallowing them. Also rename migration 0058 for clarity.
@evanjacobson evanjacobson merged commit e6ec716 into main Mar 23, 2026
18 checks passed
@evanjacobson evanjacobson deleted the feature/user-profile-connect-social-accounts branch March 23, 2026 18:55
@emilieschario emilieschario mentioned this pull request Mar 23, 2026
Merged
emilieschario added a commit that referenced this pull request Mar 23, 2026
@emilieschario
Revert "feat(auth): add Discord as auth provider with guild membershi…
a443127 
…p verification" (#1423)

Reverts #1354
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kilo-code-bot kilo-code-bot[bot] kilo-code-bot[bot] left review comments

@jeanduplessis jeanduplessis jeanduplessis approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@evanjacobson @jeanduplessis