keycloak-discord
keycloak-discord copied to clipboard
wadahiro
Add support for guild roles
Grafana does this nicely with
GF_AUTH_GENERIC_OAUTH_TEAMS_URL=https://discordapp.com/api/users/@me/guilds/GUILD_ID/member"
would allow us to map roles from discord with roles in keycloak?
@Netherwhal Thank you for the feature request.
To call this API, we would first call https://discord.com/api/users/@me/guilds to get all the guild IDs that the logged-in user has joined, while also calling this API for each. In other words, the more guilds a user is a member of, the more APIs will be executed.
The big problem is that this API has a very low Rate Limit. I actually called the API and found that it can only be called 5 times in 5 minutes (probably per logged in user).
x-ratelimit-bucket: c2412ef55a2efd5b52331deb1d4b7d4d
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1667551712
x-ratelimit-reset-after: 300
Therefore, if we implement this API, it is likely to fall into the Rate Limit soon unless we perform some filtering such as limiting it to specific guild IDs (1 to 5).
By limiting it to one specific guild this will become an awesome feature imo.
@Netherwhal Thank you for the feature request.
To call this API, we would first call https://discord.com/api/users/@me/guilds to get all the guild IDs that the logged-in user has joined, while also calling this API for each. In other words, the more guilds a user is a member of, the more APIs will be executed.
The big problem is that this API has a very low Rate Limit. I actually called the API and found that it can only be called 5 times in 5 minutes (probably per logged in user).
x-ratelimit-bucket: c2412ef55a2efd5b52331deb1d4b7d4d x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1667551712 x-ratelimit-reset-after: 300Therefore, if we implement this API, it is likely to fall into the Rate Limit soon unless we perform some filtering such as limiting it to specific guild IDs (1 to 5).
Btw, the rate limit is based on the token of the user, so if 100 people is trying to authenficate, they have rate limit for each user and not one for all application. So this is possible and simple to implement !
There is a fork that's doing this work but for groups instead, https://github.com/pjeanjean/keycloak-discord For achieving this, it might be worth looking into ~~stealing~~ merging some of the work from there?
@wadahiro Could you consider creating a PR if you consider your dev operational?
For those of y'all who want to get this working right this moment, I've forked the previous repo, updated it to v22, added documentation on role syncing & merged #34 into it.
https://github.com/NotActuallyTerry/keycloak-discord
You can grab a pre-built jar via the Releases
@wadahiro @pjeanjean @rpeper I can open a PR to merge these changes into the repo if you're happy w the changes
Hey,
I don't mind at all if you reuse what I did on my fork and make it into a PR. Just note that:
- it was my first time making a Keycloak plug-in,
- this was made with a specific deployment in mind, so even though it was tested a bit and seems to work, I haven't put much thought into what others could do with it,
- and I ~~stole~~ edited this mapper to tie up everything, but it is probably overkill right now...
