-
Notifications
You must be signed in to change notification settings - Fork 97
Redirect URIs and RPC origins
What those two fields in the bot creation process are is one of the most frequently asked questions on the Discord API server. The TL;DR of what they do is if you don't know what they are, you can safely ignore them. If you're curious what they actually are, or maybe if you do need them, you can read on.
The fundamental thing to note for both of these fields is that bots are only a special case of OAuth2 applications. OAuth2 is a protocol for secure authentication with a website; it's what powers all those "Sign in with Google" or "Sign in with Facebook" etc. buttons all over the Internet. (An excellent basic explanation of it can be found in this video.) Discord also implements that protocol, so that websites can make a "Sign in with Discord" button if they want. In order to do that, they first need to create an OAuth2 application on Discord. Then they will add a redirect URI that points to their server, and that is where Discord will send the server the token after you authorised with Discord.
Discord also ab-uses the OAuth2 process in a somewhat hacky way to allow adding bots to servers. To do that, bot accounts can be added to applications, and the OAuth2 process is used here to allow the user to add a bot to a server they own. This doesn't usually require a redirect URI as adding a bot involves no token to be sent anywhere, however it can be used if the bot owner separately also wants to verify who you are for their web app.
RPC (Remote Procedure Call) is a currently undocumented feature Discord provides that lets you connect to a locally running Discord client and do stuff with it. In the future, it will replace bots running on user accounts. An RPC origin is what lets Discord verify that it's really something authorised by the application to do the RPCs. For now you can just ignore it.