Remote Authentication (Mobile)
In the context of remote authentication, the mobile client is the device that is logged in and willing to transfer credentials to the desktop client. See the introduction for more information.
Protocol
Upon scanning the QR code, the mobile client should extract the fingerprint from the received URL (the URL should be in the format https://discord.com/ra/<fingerprint>).
Once the client has a fingerprint, it can create a new remote auth session using Create Remote Auth Session. After the session has been established, the client should prompt the user to either accept or deny the request, and then perform this action using Finish Remote Auth or Cancel Remote Auth.
Endpoints
Create Remote Auth Session
POST/users/@me/remote-authCreates a new remote auth session. This sends the current user info to the desktop client.
JSON Params
| Field | Type | Description |
|---|---|---|
| fingerprint | string | The fingerprint corresponding to the desktop remote auth client |
Response Body
| Field | Type | Description |
|---|---|---|
| handshake_token | string | The handshake token that can be used to finish or cancel the session |
Example Response
Finish Remote Auth
POST/users/@me/remote-auth/finishFinishes a remote auth session. This ends the remote auth session by sending an authentication token to the desktop client. Returns a 204 empty response on success.
JSON Params
| Field | Type | Description |
|---|---|---|
| handshake_token | string | The handshake token that represents the remote auth session |
| temporary_token? 1 | boolean | Whether the authentication token should expire (default false) |
1 Expiring authentication tokens are not yet supported.
Cancel Remote Auth
POST/users/@me/remote-auth/cancelCancels a remote auth session. This ends the remote auth session without sending an authentication token. Returns a 204 empty response on success.
JSON Params
| Field | Type | Description |
|---|---|---|
| handshake_token | string | The handshake token that represents the remote auth session |