Mohron
commented
7 years ago So a user's login information (username, password, one time code) isn't stored at all. It's used to authenticate with Discord at which point, DiscordBridge gets an authentication token to validate the account in the future. these are what are stored in plain-text json.
Unfortunately at this time, the more secure method of using OAuth does not allow controlling the user's account and cannot be used to send chat on their behalf. So until Discords advanced OAuth features become public, there is no real alternative.
Beware that the user's commands may be logged in the console, logging their username and password.
Cash120
Is there a method in place for securely storing user logins so as to hide/obfuscate them from the admins of a server? This would be an excellent feature for servers where players don't know all of the staff.