AeThex Discord System - Complete Flow Documentation
Overview
There are 5 completely separate Discord flows in AeThex. Each one is independent but some share infrastructure.
FLOW 1: Discord OAuth Login
When: User clicks "Continue with Discord" on /login page Goal: Create new account OR link Discord to existing email Files Involved: Login.tsx → oauth/start.ts → oauth/callback.ts
Step-by-Step
┌─ User on /login page
│
├─ Clicks "Continue with Discord" button
│ └─ code/client/pages/Login.tsx line ~180-185
│
├─ Browser → /api/discord/oauth/start (GET)
│ └─ code/api/discord/oauth/start.ts
│ • Builds Discord OAuth URL
│ • No state needed for login flow
│ • Redirects to: https://discord.com/api/oauth2/authorize?client_id=...
│
├─ User authorizes on Discord
│ └─ Discord redirects to: /api/discord/oauth/callback?code=XXX&state=...
│
├─ Backend processes callback (GET)
│ └─ code/api/discord/oauth/callback.ts
│
│ A) Parse state (action will be undefined or "login")
│ B) Exchange code for Discord access token
│ C) Fetch Discord user profile (id, username, email, avatar)
│ D) Check if email already in Supabase auth
│ └─ If YES: Just link to existing user (don't create)
│ └─ If NO: Create new auth user with email
│ E) Create/update user_profiles record (upsert)
│ F) Create discord_links record (links discord_id → user_id)
│ G) Create session (login user automatically)
�� H) Redirect to /dashboard or /onboarding based on profile_complete
│
└─ ✅ User logged in with Discord account linkedDatabase Operations (Login Flow)
Success Path
✅ User sees dashboard or onboarding screen ✅ User is fully logged in ✅ Discord account is linked
Failure Paths
❌ Email already exists → Redirect to /login?error=account_exists&message=...
User must sign in with email first, then link from Dashboard ❌ Auth user creation fails → Redirect to
/login?error=auth_create❌ Profile creation fails → Redirect to/login?error=profile_create❌ Discord link creation fails → Redirect to/login?error=link_create
FLOW 2: Discord Account Linking (from Dashboard)
When: User clicks "Link Discord" button in /dashboard?tab=connections Goal: Add Discord account to existing AeThex account (user already logged in) Files Involved: Dashboard.tsx → AuthContext.linkProvider() → oauth/start.ts → oauth/callback.ts
Step-by-Step
Database Operations (Linking Flow)
Success Path
✅ Browser redirects to /dashboard?tab=connections ✅ Discord appears as "linked" in connections section ✅ User can now use /verify command in Discord to link roles
Failure Paths
❌ Auth token missing/invalid → User sees "Auth failed" toast ❌ Session creation fails → User sees "Link failed" toast ❌ Session expired during OAuth redirect → Redirect to login ❌ Discord ID already linked to different account → Redirect to login with error
Critical: Session Persistence
⚠️ KEY ISSUE THAT WAS FIXED:
During Discord OAuth redirect (step 2D above), browser leaves aethex.dev
Session cookies might not be sent to Discord redirect back
SOLUTION: We store user_id in temporary database session (discord_linking_sessions)
On callback, we extract user_id from database, not from cookies
This guarantees linking works even if cookies get lost
FLOW 3: Discord Verification Code (Bot /verify Command)
When: User types /verify in Discord, bot sends code, user clicks link Goal: Link Discord account without OAuth flow (alternative to Flow 2) Files Involved: bot.js /verify command → DiscordVerify.tsx → api/discord/verify-code.ts
Step-by-Step
Database Operations (Verification Flow)
Success Path
✅ Page shows "Discord linked successfully!" ✅ Browser redirects to connections tab ✅ Discord appears as linked
Failure Paths
❌ Code expired → Show error "Code expired, ask bot to run /verify again" ❌ Code not found → Show error "Invalid code" ❌ Discord ID already linked to different user → Show error "This Discord is already linked to another account" ❌ User not logged in when clicking link → Redirect to login (code preserved)
Why This Flow Exists
Simpler than OAuth (no redirect to discord.com)
Works if user's Discord is not verified with email
Manual process but more user-friendly for some
FLOW 4: Discord Activity (Standalone SPA in Discord)
When: User opens Activity in Discord desktop app Goal: Show AeThex dashboard inside Discord as an Activity Files Involved: Activity.tsx → DiscordActivityContext.tsx → api/discord/activity-auth.ts
Step-by-Step
Database Operations (Activity Flow)
Success Path
✅ Activity loads in Discord ✅ Shows user profile ✅ Buttons open links in new tabs ✅ Activity stays in Discord
Failure Paths
❌ Not in Discord iframe → Show message "Open this in Discord Activity" ❌ Token invalid → Show error "Authentication failed" ❌ SDK failed to load → Show error "Discord SDK unavailable"
Key Difference from Other Flows
This uses Discord SDK (embedded in iframe)
NOT OAuth (no redirect to discord.com)
NOT a regular login (Activity is ephemeral)
User is verified by Discord SDK internally
FLOW 5: Discord Bot Commands
When: User types slash commands in Discord Goal: Manage Discord account, set realm, view profile, etc. Files Involved: bot.js → /api/discord/interactions.ts
Available Commands
/verify
Uses: Flow 3 (Verification Code)
/set-realm [arm]
/profile
/unlink
/verify-role
Database Schema
discord_links
Used by: All flows Query patterns:
Find user by discord_id (Flow 2, 3, 4, 5)
Find discord_id by user_id (Dashboard connections check)
Update primary_arm (Flow 5 /set-realm)
discord_linking_sessions
Used by: Flow 2 (OAuth Linking) Query patterns:
Insert when user clicks "Link Discord" (create-linking-session endpoint)
Select when OAuth callback received (lookup user_id from token)
Delete after lookup (cleanup)
discord_verifications
Used by: Flow 3 (Verification Code) Query patterns:
Insert when bot /verify command runs (generate code)
Select when user submits code (verify-code endpoint)
Delete after verification (cleanup)
discord_role_mappings
Used by: Flow 5 (Bot role assignment) Query patterns:
Select by (arm, user_type) to find which role to assign
Managed in Admin panel
discord_user_roles
Used by: Flow 5 (Bot tracking) Query patterns:
Insert when role is assigned
Update when verified
Select to show /verify-role command
Environment Variables
⚠️ SECURITY NOTE: Never put actual tokens in documentation or version control. Keep them in environment variables only.
Quick Comparison
1: OAuth Login
/login button
Create account or link to existing email
OAuth + email
/api/discord/oauth/start, /callback
✅ Working
2: OAuth Linking
Dashboard button
Link to logged-in account
OAuth + session token
/api/discord/create-linking-session, /oauth/start, /callback
✅ Working
3: Verification Code
Discord bot /verify
Link to logged-in account
Manual code
/api/discord/verify-code
✅ Working
4: Activity
Discord Activity
Show dashboard in Discord
Discord SDK
/api/discord/activity-auth
✅ Working
5: Bot Commands
Discord slash commands
Manage account & roles
None (bot to backend)
/api/discord/interactions
✅ Working
Common Issues & Solutions
Session Lost During OAuth Linking
Problem: User logs in with email, clicks "Link Discord", gets redirected to login page Cause: Session cookies not sent during Discord redirect Solution: We use discord_linking_sessions table to store user_id before redirect ✅
Forced Onboarding After Email Login
Problem: User logs in with email, is sent to onboarding even though they completed it before Cause: Profile not marked as onboarded: true after completion Solution: Onboarding now sets onboarded: true flag ✅
Discord Already Linked Error
Problem: User tries to link Discord account that's already linked to different AeThex account Cause: discord_links.discord_id is UNIQUE Solution: Check if discord_id exists and belongs to different user, show error ✅
Verification Code Expired
Problem: User takes too long to click Discord link or verify Cause: discord_verifications has 15-min expiry Solution: Tell user to ask bot to run /verify again ✅
Testing Checklist
Architecture Summary
Last updated