Discord OAuth Login in Unity
If your game's community already lives on Discord, letting players sign in with their Discord account is a small change that feels natural to them. It's standard OAuth 2.0, so it's a quick integration — with one honest catch around email that's worth knowing before you rely on it. This guide covers the setup, the real C#, and that catch.
Why Discord login fits community games
Discord isn't a general-purpose identity provider the way Google is. Its strength is specific: for a game whose players are already in your Discord server — multiplayer titles, early-access communities, modding scenes — "Sign in with Discord" uses an account they open every day. That's less friction than a new password and a warmer button than a stranger's login. If your audience isn't on Discord, one of the other providers is a better first choice.
Step 1: Create a Discord application
- Open the Discord Developer Portal and create a New Application.
- Go to OAuth2 in the sidebar. Copy the Client ID and, under Client Secret, Reset Secret to reveal one — copy it now, since it's shown once.
- Still in OAuth2, add this exact Redirect under Redirects:
https://sso.oathwall.com/auth/callback
That redirect has to match exactly — https, no trailing slash. Discord rejects the flow with an invalid-redirect error if it's off by a character, the same failure mode every OAuth provider has.
Step 2: Paste your credentials into Oathwall
In the Oathwall dashboard, add Discord as a provider and paste the Client ID and Client Secret. The secret is stored server-side and used only during the token exchange on Oathwall's servers, so it never reaches your build. By default Oathwall requests the identify and email scopes — identify for the account id, username, and avatar, email for the address. If your game genuinely doesn't need email, you can drop it to identify alone and ask for less.
Step 3: Wire it up in Unity
The client code is identical to every other provider:
using PixitGames.SSOLoginKit;
public class LoginManager : SsoClientBase
{
// OAuth2 with identify + email scopes.
// No Discord SDK, no secret in the build.
public void OnDiscordButton() => StartLogin("discord");
protected override void OnLoginSuccess(LoginResult user)
{
// user.name is the Discord display name.
// user.email may be null if it's unverified.
LinkPlayer(user.id, user.name);
}
}
StartLogin("discord") opens Discord's authorization page in the system browser. Oathwall exchanges the code, pulls the profile from Discord's /users/@me endpoint, and returns the result: user.id (the stable account id), user.name (the display name), and user.email when it's available and verified.
The gotchas worth knowing
An email from Discord can be unverified. Discord will hand back an address on an account the user never confirmed. Matching accounts on an unverified email is how one person ends up able to claim another's identity. Oathwall guards against that: it only passes the email through when Discord flags it verified, and returns null otherwise. So when user.email is present, you can trust it — but write your code to handle the null case, because plenty of Discord accounts hit it.
Username changed shape. Discord retired the old name#1234 discriminators for unique usernames plus a separate display name (global_name). Oathwall returns the display name when set and falls back to the username. It's a label for the UI, not an identity — two players can show the same display name — so key everything durable on user.id.
Avatars are optional. A player without a custom avatar comes back with none rather than a default URL. If your UI needs an image for everyone, keep a placeholder ready.
For the mechanics under the button, OAuth 2.0 explained for game developers breaks down the scopes and the code exchange, and the Unity authentication guide shows Discord next to Google, Apple, Steam, and Facebook under the same login class. Pairing Discord with a broader provider like Facebook or Google is common — Discord for the core community, another for everyone else.
Oathwall is available on the Unity Asset Store, and its free plan is enough to build and test Discord login before you launch.
Frequently asked questions
- What scopes does Discord login need?
- identify gets you the account id, username, and avatar. Add email if you also want the address. Oathwall requests identify and email by default; you can keep it to identify alone if your game doesn't need email at all.
- Is the email from Discord always safe to trust?
- No. Discord can return an email that the user hasn't verified. Oathwall only passes the email through when Discord marks it verified — an unverified address comes back as null — so you don't accidentally match accounts on an address the player never confirmed.
- What's the difference between username and global_name?
- Discord moved to unique usernames plus a separate display name (global_name). Oathwall returns the global display name when it's set and falls back to the username. Show that name in the UI, but key player data on the stable account id, not the name.
- Do I ship a Discord client secret in my Unity build?
- No. The client secret is stored in the Oathwall dashboard and used for the token exchange on Oathwall's servers. Your build carries only the public appKey.
- Is Discord login a good fit for my game?
- It's a strong fit if your community already lives on Discord — community-driven, multiplayer, or early-access titles. Players sign in with an account they use every day, and you can identify them consistently across sessions.