tcdtech
commented
1 year ago I've fixed this. I was getting 401 'unauthorized' errors on the actual discord requests in the backend because I was missing a scope I required (identify). After adding that scope to the create_session call it all works as expected.
I still have no idea why it DID work for my own account without that scope enabled, but that is why it wasn't working for anyone else.
I can authenticate on my website. It works exactly as expected, I can login/logout, get my username, avatar, guilds, roles etc etc etc
I can log in on every device I have tried (desktop, laptop, phone, and over VPN)
When any other user account tries to authenticate it just fails silently. The logs show no errors, the callback gets their token but 'unauthorizederror' still gets triggered and they are sent back to the login + discord auth page.
I've even made a second account myself to test it and it won't let that account in either.
Any ideas? I have no idea what to try next.