wadahiro / keycloak-discord

Keycloak Identity Provider extension for Discord

Add support for guild roles #26

Open Netherwhal opened 1 year ago

Netherwhal commented 1 year ago

Grafana does this nicely with

GF_AUTH_GENERIC_OAUTH_TEAMS_URL=https://discordapp.com/api/users/@me/guilds/GUILD_ID/member

would allow us to map roles from discord with roles in keycloak?

wadahiro commented 1 year ago

@Netherwhal Thank you for the feature request.

To call this API, we would first call https://discord.com/api/users/@me/guilds to get all the guild IDs that the logged-in user has joined, while also calling this API for each. In other words, the more guilds a user is a member of, the more APIs will be executed.

The big problem is that this API has a very low Rate Limit. I actually called the API and found that it can only be called 5 times in 5 minutes (probably per logged in user).

x-ratelimit-bucket: c2412ef55a2efd5b52331deb1d4b7d4d
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1667551712
x-ratelimit-reset-after: 300

Therefore, if we implement this API, it is likely to fall into the Rate Limit soon unless we perform some filtering such as limiting it to specific guild IDs (1 to 5).

activadee commented 1 year ago

By limiting it to one specific guild this will become an awesome feature imo.

zelytra commented 1 year ago

> @Netherwhal Thank you for the feature request.
>
> To call this API, we would first call https://discord.com/api/users/@me/guilds to get all the guild IDs that the logged-in user has joined, while also calling this API for each. In other words, the more guilds a user is a member of, the more APIs will be executed.
>
> The big problem is that this API has a very low Rate Limit. I actually called the API and found that it can only be called 5 times in 5 minutes (probably per logged in user).
>
> x-ratelimit-bucket: c2412ef55a2efd5b52331deb1d4b7d4d
> x-ratelimit-limit: 5
> x-ratelimit-remaining: 4
> x-ratelimit-reset: 1667551712
> x-ratelimit-reset-after: 300
>
> Therefore, if we implement this API, it is likely to fall into the Rate Limit soon unless we perform some filtering such as limiting it to specific guild IDs (1 to 5).

Btw, the rate limit is based on the token of the user, so if 100 people are trying to authenticate, they have a rate limit for each user and not one for the whole application. So this is possible and simple to implement!
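
The filtering discussed above, as an added Python sketch that is not part of the thread or of the extension's code: it queries only allow-listed guilds the user has joined, stops when the per-token budget reported by `x-ratelimit-remaining` runs out, and grants nothing for guilds it could not check. The guild IDs, role IDs, role names and the injected `fetch_member` callable are assumptions; the `roles` array is the list of role IDs in Discord's guild member object.

```python
# Added sketch. Guild IDs, role IDs and role names below are constructed.
ALLOWED_GUILDS = {"1001", "1002"}                 # hypothetical allow-list
ROLE_MAP = {("1001", "2001"): "discord-admin",    # (guild ID, Discord role ID)
            ("1002", "2002"): "discord-member"}   #   -> Keycloak role name
OBSERVED_LIMIT = 5   # x-ratelimit-limit reported in the thread

def remaining(headers):
    """Requests left in the bucket; a missing header counts as 0 (stop)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return int(lowered.get("x-ratelimit-remaining", 0))

def map_roles(guild_id, member):
    """Keycloak roles for one guild member object; unmapped IDs grant nothing."""
    return {ROLE_MAP[(guild_id, r)] for r in member.get("roles", [])
            if (guild_id, r) in ROLE_MAP}

def sync_roles(user_guild_ids, fetch_member, budget=OBSERVED_LIMIT):
    """Query only allow-listed guilds the user has joined, within the budget.

    fetch_member(guild_id) -> (member_json, response_headers) is injected so
    the HTTP client stays out of this sketch. Returns (roles, skipped_guilds).
    """
    todo = sorted(g for g in user_guild_ids if g in ALLOWED_GUILDS)
    roles, done = set(), 0
    for gid in todo:
        if budget <= 0:
            break
        member, headers = fetch_member(gid)
        roles |= map_roles(gid, member)
        done += 1
        budget = min(budget - 1, remaining(headers))
    return roles, todo[done:]

# Constructed responses: the user is in three guilds, two are allow-listed,
# and the first reply reports that the bucket is already exhausted.
SAMPLE = {"1001": ({"roles": ["2001", "2999"]}, {"X-RateLimit-Remaining": "0"}),
          "1002": ({"roles": ["2002"]}, {"X-RateLimit-Remaining": "4"})}

if __name__ == "__main__":
    print(sync_roles(["1001", "1002", "1003"], SAMPLE.__getitem__))
```

Roles from a skipped guild are simply absent for that login, so an exhausted bucket can only under-grant, never over-grant.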

NotActuallyTerry commented 1 year ago

There is a fork that's doing this work but for groups instead, https://github.com/pjeanjean/keycloak-discord. For achieving this, it might be worth looking into ~~stealing~~ merging some of the work from there?

zelytra commented 1 year ago

@wadahiro Could you consider creating a PR if you consider your dev operational?

NotActuallyTerry commented 1 year ago

For those of y'all who want to get this working right this moment, I've forked the previous repo, updated it to v22, added documentation on role syncing & merged #34 into it.

https://github.com/NotActuallyTerry/keycloak-discord

You can grab a pre-built jar via the Releases

@wadahiro @pjeanjean @rpeper I can open a PR to merge these changes into the repo if you're happy w the changes

pjeanjean commented 1 year ago

Hey,

I don't mind at all if you reuse what I did on my fork and make it into a PR. Just note that: