weibeu / Flask-Discord

Discord OAuth2 extension for Flask. An easier implementation of "Log In With Discord".
https://flask-discord.readthedocs.io/en/latest/
MIT License
183 stars, 47 forks

Possible to save / restore auth in browser cookie? #47

Closed. johnsturgeon closed this 3 years ago

johnsturgeon commented 3 years ago

I'm trying to figure out just how to save / restore the OAuth2 data in a browser cookie so that the user isn't prompted to re-authenticate every time they come back to my site.

What's the best way to do that?

weibeu commented 3 years ago

See, you can do two things about it. I think the Flask session expires after someone closes the browser or something. You can search more on this. So to persist the session even after the user closes their browser, you can mark the Flask session as "permanent". To do that you can simply set this value: session.permanent = True right after wherever you're calling discord.callback().

The other thing is that you can pass False to the prompt parameter of the DiscordOAuth2Session.create_session method, something like: discord.create_session(..., prompt=False). Basically, this will tell Discord not to ask for the auth grant again if the user has previously authorized your application. This will get you new tokens, but the user won't have to click those extra buttons every time.

johnsturgeon commented 3 years ago

Interesting, I think prompt=False gets me close. I will have to do some additional cookie management on this side, but that works.

weibeu commented 3 years ago

The default implementation stores authorization tokens in the Flask session, or in other words, in cookies. To be safer, it's recommended to store the authorization tokens server side in some database or something. This way you can safely ensure that you have the authorization token, or at least the refresh token, of a user who previously authorized your application.
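The following is an added example, not code from Flask-Discord or from either commenter, showing the server-side storage pattern recommended above together with the refresh handling the earlier reply's prompt=False advice relies on. The Flask session cookie is signed, not encrypted, so anything written to it (including an access token) is readable by whoever holds the cookie; here only the Discord user id would go into the session (which can then be marked permanent), while the tokens live in a database keyed by that id. The names TokenStore, build_refresh_request and get_fresh_token are hypothetical, sqlite3 stands in for whatever database you use, and the refresher callable stands in for the HTTPS POST to Discord's token endpoint, which is not performed here. The sample tokens are constructed.

```python
"""Server-side storage of Discord OAuth2 tokens, keyed by Discord user id.

Added example, not Flask-Discord's own code. In the Flask app this would sit
right after discord.callback(): look up the user (discord.fetch_user()), call
TokenStore.save(user.id, token), put only the user id in the Flask session and
set session.permanent = True. A later request calls get_fresh_token(); if it
returns None, redirect through discord.create_session(prompt=False) again.
"""
import json
import sqlite3
import time

# Discord's OAuth2 token endpoint (from Discord's OAuth2 documentation). No
# network call is made in this example; the exchange is modelled by a callable.
DISCORD_TOKEN_URL = "https://discord.com/api/oauth2/token"

# Refresh this many seconds before the access token actually expires, so a
# token that is valid when checked is still valid when used.
REFRESH_SKEW = 60


class TokenStore:
    """Persist one token set per Discord user id (hypothetical helper)."""

    def __init__(self, path=":memory:"):
        self.conn = sqlite3.connect(path)
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS discord_tokens ("
            "user_id TEXT PRIMARY KEY, token_json TEXT NOT NULL, "
            "expires_at REAL NOT NULL)"
        )

    def save(self, user_id, token, now=None):
        """Store a token dict as returned by the token endpoint.

        Discord returns a relative expires_in (seconds); it is converted to an
        absolute expires_at so the row still means something after a restart.
        """
        now = time.time() if now is None else now
        expires_at = now + float(token["expires_in"])
        self.conn.execute(
            "INSERT OR REPLACE INTO discord_tokens VALUES (?, ?, ?)",
            (str(user_id), json.dumps(token), expires_at),
        )
        self.conn.commit()

    def load(self, user_id):
        """Return the stored token dict plus expires_at, or None if absent."""
        row = self.conn.execute(
            "SELECT token_json, expires_at FROM discord_tokens WHERE user_id = ?",
            (str(user_id),),
        ).fetchone()
        if row is None:
            return None
        token = json.loads(row[0])
        token["expires_at"] = row[1]
        return token

    def delete(self, user_id):
        self.conn.execute(
            "DELETE FROM discord_tokens WHERE user_id = ?", (str(user_id),)
        )
        self.conn.commit()


def build_refresh_request(client_id, client_secret, refresh_token):
    """Form body for a refresh_token grant POSTed to DISCORD_TOKEN_URL."""
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
    }


def get_fresh_token(store, user_id, refresher, now=None):
    """Return a usable token dict for user_id, refreshing it if needed.

    refresher(refresh_token) performs the POST to DISCORD_TOKEN_URL and returns
    the new token dict, or raises when Discord rejects the grant. Returns None
    when the user never authorized or the refresh fails; the caller then sends
    the user back through the authorization flow.
    """
    now = time.time() if now is None else now
    token = store.load(user_id)
    if token is None:
        return None
    if token["expires_at"] - REFRESH_SKEW > now:
        return token
    try:
        new_token = refresher(token["refresh_token"])
    except Exception:
        # Refresh token revoked or expired: drop the stale row so the next
        # request forces a fresh authorization instead of retrying forever.
        store.delete(user_id)
        return None
    store.save(user_id, new_token, now=now)
    return store.load(user_id)
```

The Flask session then carries nothing more sensitive than a user id, and losing a database row degrades to one extra trip through Discord's consent page rather than a broken login.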