Discord OAuth Linking

ReportFlow supports Discord as a primary authentication provider through Clerk. When a user signs in with Discord, we automatically fetch their guild memberships and can associate their ReportFlow account with the correct agency tenant—no manual setup required.

Seamless Sign-In

One click to authenticate with your Discord account.

Auto Server Link

Guilds are fetched automatically during the OAuth flow.

Secure Tokens

Access tokens are encrypted and stored safely.

How OAuth linking works

When you click "Continue with Discord" on the sign-in page, Clerk initiates an OAuth2 authorization request with the identify, email, and guilds scopes. Discord returns an access token that ReportFlow stores (encrypted) and uses to fetch your guild list. We compare those guilds against existing GuildTenantMapping records in the database—if a match is found, your account is automatically linked to that agency tenant.

For agency owners setting up for the first time, no mapping exists yet. The onboarding flow prompts you to select which server you want to use. This creates the mapping and sets you as the organization owner with full admin rights.
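The two steps above (match the OAuth guild list against existing mappings, or fall through to onboarding when no mapping exists) as an added TypeScript example. This is illustration code written for this page, not ReportFlow's own implementation: the record shapes, the function names, the result kinds and the sample guild ids are assumptions modelled on the description, and the data lives in plain arrays instead of the database.

```typescript
// Added example, not ReportFlow's own code: resolving an agency tenant from the
// guild list that the Discord "guilds" scope returns. Record shapes, function
// names and sample data are assumptions made for illustration.

interface DiscordGuild {
  id: string;   // Discord snowflake, kept as a string
  name: string;
}

interface GuildTenantMapping {
  guildId: string;
  tenantId: string;
}

interface TenantMembership {
  userId: string;
  tenantId: string;
  role: "owner" | "member";
}

type LinkResult =
  | { kind: "linked"; tenantId: string }
  | { kind: "multiple"; tenantIds: string[] }        // user belongs to several agencies
  | { kind: "needs_onboarding"; guilds: DiscordGuild[] };

// Compare the user's guilds against existing GuildTenantMapping records.
function resolveTenant(guilds: DiscordGuild[], mappings: GuildTenantMapping[]): LinkResult {
  const tenantByGuild: Record<string, string> = {};
  for (const m of mappings) tenantByGuild[m.guildId] = m.tenantId;

  // Collect distinct tenants the user's guilds map to.
  const tenantIds: string[] = [];
  for (const g of guilds) {
    const tenantId = tenantByGuild[g.id];
    if (tenantId !== undefined && tenantIds.indexOf(tenantId) === -1) tenantIds.push(tenantId);
  }

  if (tenantIds.length === 1) return { kind: "linked", tenantId: tenantIds[0] };
  if (tenantIds.length > 1) return { kind: "multiple", tenantIds };
  // No mapping yet: a first-time agency owner picks a server during onboarding.
  return { kind: "needs_onboarding", guilds };
}

// Onboarding: create the mapping and make the user the organization owner.
// The two checks reject a submitted guild the user is not actually a member of
// (per the OAuth guild list) and a guild another agency has already claimed.
function completeOnboarding(
  userId: string,
  chosenGuildId: string,
  guilds: DiscordGuild[],
  mappings: GuildTenantMapping[],
  newTenantId: string,
): { mapping: GuildTenantMapping; membership: TenantMembership } {
  if (!guilds.some((g) => g.id === chosenGuildId)) {
    throw new Error("selected guild is not in the user's OAuth guild list");
  }
  if (mappings.some((m) => m.guildId === chosenGuildId)) {
    throw new Error("guild is already mapped to a tenant");
  }
  return {
    mapping: { guildId: chosenGuildId, tenantId: newTenantId },
    membership: { userId, tenantId: newTenantId, role: "owner" },
  };
}

// Constructed sample data (not real Discord ids or ReportFlow tenants).
const SAMPLE_GUILDS: DiscordGuild[] = [
  { id: "100000000000000001", name: "Acme Agency" },
  { id: "100000000000000002", name: "Gaming Friends" },
];
const SAMPLE_MAPPINGS: GuildTenantMapping[] = [
  { guildId: "100000000000000001", tenantId: "tenant_acme" },
];
```

The membership check in `completeOnboarding` is the part worth keeping in any real implementation: the guild id chosen in the onboarding UI arrives from the client, so it is compared against the guild list fetched server-side with the OAuth token rather than trusted on its own.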

Required OAuth scopes

  • identify — Retrieves the user's Discord ID and username.
  • email — Used as a fallback identifier and for notification emails.
  • guilds — Fetches the list of servers the user belongs to (required for auto-linking).

These scopes are configured in the Clerk dashboard under Social Connections → Discord. Make sure the redirect URIs match your deployment domain or local development URL.

Multi-tenant security

ReportFlow is a multi-tenant platform with strict row-level security (RLS). Even if a user belongs to multiple Discord servers that each have their own ReportFlow workspace, data is never mixed. Each workspace has its own tenant ID, and all database queries are automatically scoped to the current tenant context via Prisma extensions.

When a user switches between workspaces (if they belong to more than one agency), the session's tenant context updates and all subsequent queries return only data for that tenant. This isolation is enforced at the database level using PostgreSQL RLS policies.
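The application-side half of that isolation, as an added TypeScript example: every query is rewritten to carry the session's tenant id, and a tenant id supplied by the caller is overwritten rather than merged. This is illustration code, not ReportFlow's Prisma extension: the `Report` shape, the function names, the in-memory store standing in for the database and the sample rows are all assumptions, and the PostgreSQL RLS policies the page mentions are the second layer that this example does not model.

```typescript
// Added example, not ReportFlow's own code: the tenant-scoping pattern the page
// describes, modelled on a Prisma query extension but run against an in-memory
// array so it works without a database. Shapes, names and rows are assumptions.

interface Report {
  id: string;
  tenantId: string;
  title: string;
}

interface FindManyArgs {
  where?: Partial<Report>;
}

// The tenant the current session is acting in; switching workspaces replaces it.
interface TenantContext {
  tenantId: string;
}

// Rewrite query arguments so the where clause always carries the session's
// tenant id. A tenantId in the caller's where clause is overwritten, never
// trusted: a request asking for another tenant's rows gets its own rows instead.
function scopeToTenant(args: FindManyArgs, ctx: TenantContext): FindManyArgs {
  const where: Partial<Report> = args.where ? { ...args.where } : {};
  where.tenantId = ctx.tenantId;
  return { ...args, where };
}

// Stand-in for client.report.findMany(): applies the scope, then matches rows
// on every field present in the where clause.
function findManyReports(store: Report[], args: FindManyArgs, ctx: TenantContext): Report[] {
  const scoped = scopeToTenant(args, ctx);
  const where = scoped.where!;
  const keys = Object.keys(where) as (keyof Report)[];
  return store.filter((row) => keys.every((k) => where[k] === row[k]));
}

// Stand-in for client.report.create(): the tenant id is stamped from the
// session, not taken from the submitted data, so a row cannot be written into
// another tenant even if the request body names one.
function createReport(
  store: Report[],
  data: { id: string; title: string; tenantId?: string },
  ctx: TenantContext,
): Report {
  const row: Report = { id: data.id, title: data.title, tenantId: ctx.tenantId };
  store.push(row);
  return row;
}

// Constructed sample rows for two agencies (not real data).
const SAMPLE_REPORTS: Report[] = [
  { id: "r1", tenantId: "tenant_acme", title: "Q1 summary" },
  { id: "r2", tenantId: "tenant_acme", title: "Q2 summary" },
  { id: "r3", tenantId: "tenant_beta", title: "Launch recap" },
];
```

Switching workspaces in this model is just a different `TenantContext` value; the same `findManyReports` call then returns only that tenant's rows. Overwriting rather than merging the caller's `tenantId` is the choice that matters: merging would let a crafted filter widen the query, while the database-level RLS policy remains the backstop if the application layer is ever bypassed.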

Troubleshooting OAuth issues

  • Redirect URI mismatch — Verify the URI in Clerk matches your app's domain exactly (including https://).
  • Missing guilds — Ensure the user authorized the "guilds" scope during consent.
  • Stale tokens — If guild data seems outdated, the user can re-authenticate to refresh the token.

Next steps