Name: Discord
Homepage: https://discord.com/
Short description: Discord is a VoIP, instant messaging and digital distribution platform. Users communicate with voice calls, video calls, text messaging, media and files in private chats or as part of communities called "servers". - Wikipedia
Optional API documentation URL: https://discord.com/developers/docs/

You could implement this provider like you did on Matrix. Something like: Join a channel or server, post a message ...

I had looked into Discord and couldn't find a proper way of verifying identities on it. But I suppose you're right, the Matrix solution should work here!

Let's explore!

Do you happen to have experience with Discord bot development? I have none so all help is appreciated!

I am not a master in programming but i will ty my best to help you. Can you give some informations about your server infrastructure? Maybe you can use the matrix example to explain the technical process.

Then no worries, I'll figure it out 😉 it would just have been very fortuitous if you had experience with Discord bots.

After all, the Discord implementation might be quite a bit more difficult than Matrix.

Matrix is just an authenticated HTTP request (source code: https://codeberg.org/keyoxide/doipjs/src/branch/main/src/fetcher/matrix.js). This HTTP request is made with the access code of a "bot" that fetches the content of the message containing the fingerprint.

It all depends on the Discord API and if it allows us to get the content of any message in the history of a channel. I'm trying to figure this out right now.

Maybe it is also an option to work with this:

const Discord = require('discord.js');

const client = new Discord.Client({ 
    intents: ["GUILDS","GUILD_MESSAGES"] 
});

client.on("messageCreate", (message) => {
  console.log(message)
})

client.login('API KEY');

Whenever someone writes something to a channel, the function is executed. So you can work more "interactive" or "just in time".

The "interactive" mode sadly wouldn't work in the case of Keyoxide, it doesn't store any data for later use: the data needs to be fetched at the moment someone else performs a verification. But luckily, Discord also supports that use case!

2 months later

You can fetch specific Discord messages in a simple HTTP request: https://discord.com/developers/docs/resources/channel#get-channel-message

One small problem is how to interoperate...

  • In Matrix, for someone to reproduce the proof on their own Ariadne instance, they simply need to register a Matrix account (no distinction between users and bots) and join the proof room.
  • In Discord, the admin(s) of the "server" that proofs are stored in must manually invite the bot accounts of anyone wishing to reproduce.

If that is an acceptable disadvantage then I can work on implementing it.

a month later

Yeah, it's not great as you say. I guess we could add other libraries/bots as moderators but someone (us) will be acting as gatekeepers.

The question is: where is the most harm? Not having Discord? Or saying that proving identities on Discord is decentralized when technically, it's really not if only one group has unrestricted access to it and other instances need to apply and are granted access by the grace of the first group?

I'll be honest, I'm not sure yet of the answer. It is possible a service such as Discord can be deemed too "walled" or whatever to allow for good and fair identity proving. Basically, as soon as an API request must be authed, Keyoxide runs the danger of becoming unfair.

9 months later

I'm also interested in Discord as a Keyoxide service provider!

Initially I was thinking you could add your fingerprint to the "About me" section of your Discord user profile, but apparently that's a no-no: https://github.com/discord/discord-api-docs/issues/3095#issuecomment-868817186

Given Discord's changes over the last couple years to the info that bots can collect, the easiest way might be similar to how Telegram linking works. Start a DM with the bot, give it your fingerprint in a message, and copy-paste the message ID into your proof. Those message IDs look like:

  • https://discord.com/channels/@me/<chat_id>/<message_id>
10 months later

+1ing my voice here, as I have just wondered on Discord why I can't prove that I'm, in fact, myself.

2 months later

Just thinking out loud: With the recent changes to Discord's username system, Discord usernames now need to be unique and 2-32 characters long.

Would it be reasonable to ask people to set their Discord usernames to the long Key ID (16 characters) or a 32-character hash of their fingerprint? (The long Key ID is the last 16 characters of a fingerprint and something like MD5 could be used to generate hashes.)

    I'd say no, it seems to me it's too big of an ask for folks out there to alter their usernames in such way. Plus we are slowly, perhaps unintentionally but still, converging to the point where, for messaging system accounts that do not support (public) bio fields, we suggest creating public rooms with descriptions containing required proofs instead. We did that for Telegram and there is PR on the way that does the same for Discord (you can read more about it here).

    ethan ...or a 32-character hash of their fingerprint? (The long Key ID is the last 16 characters of a fingerprint and something like MD5 could be used to generate hashes.)

    The fingerprint itself is a SHA-1 hash of a person's public key (plus some metadata) producing 160 bits or 40 hexa chars. If I understand you correctly you are proposing:

    1. double hashing it (with MD5)
    2. taking leftmost 32 hexa chars

    I rest my case about incorporating proofs inside usernames in general but leaving that aside such system wouldn't work because hashing is not reversible and Keyoxide doesn't and shouldn't store any user data including fingerprint hash lookups.

      • Edited

      vladimyr

      seems to me it's too big of an ask for folks out there to alter their usernames in such way

      Fair enough

      The fingerprint itself is a SHA-1 hash of a person's public key (plus some metadata) producing 160 bits or 40 hexa chars. If I understand you correctly you are proposing:

      No, an MD5 hash is 32 characters itself. Keyoxide wouldn't need to store anything - it'd get the fingerprint when it gets the public key and then check that the MD5 hash matches the username.

      I hadn't seen the recent updates to the pull request for a Discord proof, so thanks for sharing!

        ethan No, an MD5 hash is 32 characters itself. Keyoxide wouldn't need to store anything - it'd get the fingerprint when it gets the public key and then check that the MD5 hash matches the username.

        Oh, right, right, 128 bits. So what you are proposing is in fact variation of https://docs.keyoxide.org/wiki/identity-proof-formats/#Hashed_URI but with MD5 digest algo?

          • Edited

          vladimyr

          Yes!

          I do think some people would want to keep their username as is, but even if someone were to change it solely for Keyoxide, up to two username changes are allowed per week. (Display name changes are unrelated and unlimited.)

          Discord stated in their post that the username is "for friend requests and for validating the identity of other users on Discord" since the addition of display names makes those the more user-facing identities.

          Edit: Clarified changing username vs. display name

          I used to be vladimyr#6419 on Discord and when they decided to abandon those suffixes and enforce unique usernames I ofc tried (and failed) to claim vladimyr handle. I suspect it has something to do with the fact that I never paid for any additional bells and whistles. Since I had to come up with a new idea, and preferably the one that channels my disatisfaction with beforementioned decision, I claimed vladimyr_0x${toHex(6419)}. Since your idea looks pretty similar but much more useful and less childish maybe it is time for me to seriously look into it 🙃

          2 months later

          Hi, are there any updates on Discord support?

          16 days later

          I'm happy to report that Discord support has landed inside doip.js and the docs are up. You can start adding those claims right now but for them to be successfully verified you'll have to wait a bit more until the new release of doip.js gets cut and deployed on Keyoxide.org, so stay tuned for further updates!