PeerTube Discord OIDC Bridge

A lightweight, containerized OIDC (OpenID Connect) provider that acts as a bridge between a PeerTube instance and Discord's OAuth2 authentication. This allows users to log in or register on a PeerTube instance using their Discord account, with access gated by membership in a specific Discord server.

Overview

This project solves a specific problem: PeerTube has a robust, official plugin for OIDC authentication, but not for generic OAuth2 providers like Discord. This service fills that gap by presenting a fully compliant OIDC interface to PeerTube while handling the Discord OAuth2 flow on the backend.

The primary use case is for self-hosted PeerTube instances that are not fully public but need a simple way to grant access to a community of users, such as friends or server members, without manual account creation.

Features

  • Discord Authentication: Enables "Login with Discord" for any PeerTube instance.
  • Server Gating: Restricts login/registration to members of a specific Discord server.
  • OIDC Compliant: Works seamlessly with the official PeerTube auth-openid-connect plugin.
  • Automatic Account Creation: New users who pass the server gate are automatically given a PeerTube account.
  • Existing Account Linking: Users with an existing PeerTube account can link it by matching their Discord email.
  • Dockerized: Runs as a single, lightweight Docker container orchestrated with Docker Compose.
  • Diagnostics Page: Includes a /status page to check configuration and connectivity.

How It Works

  1. A user on PeerTube clicks "Login with OpenID Connect".
  2. PeerTube redirects the user to this OIDC Bridge service.
  3. The OIDC Bridge service redirects the user to Discord for authentication and authorization.
  4. The user authorizes the application in Discord and is redirected back to the bridge.
  5. The bridge uses the Discord authorization code to get an access token.
  6. It then uses the access token to fetch the user's profile and their list of Discord servers (guilds).
  7. The bridge creates a signed ID Token (JWT), inserting the user's server IDs into a groups claim.
  8. PeerTube receives the ID Token, validates it, and checks if the user's groups claim contains the required "Allowed Group" (your Discord Server ID).
  9. If the check passes, the user is logged in or their account is created.
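Steps 6 to 8 as an added sketch; this is not the project's app.py. It assumes HS256 signing with a shared secret so that it runs on the standard library alone (the bridge's actual signing algorithm is not stated here), and the function names, sample profile and guild IDs are constructed for illustration. The field names follow Discord's user and guild objects.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_claims(profile, guilds, issuer, audience, now=None):
    """Steps 6-7: map a Discord user object and guild list to ID Token claims."""
    now = int(time.time() if now is None else now)
    claims = {
        "iss": issuer, "aud": audience, "sub": profile["id"],
        "iat": now, "exp": now + 300,
        "preferred_username": profile["username"],
        "name": profile.get("global_name") or profile["username"],
        "groups": [g["id"] for g in guilds],  # Discord server IDs as strings
    }
    # Assumption (hardening, not confirmed project behaviour): forward the email
    # only when Discord marks it verified, because PeerTube links accounts by email.
    if profile.get("verified") and profile.get("email"):
        claims["email"] = profile["email"]
    return claims

def sign_id_token(claims, secret: bytes) -> str:
    """Step 7: serialize and sign (HS256 here; an assumption, see lead-in)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_and_gate(token, secret, issuer, audience, allowed_group, now=None):
    """Step 8 from the relying party's side: returns claims, or None on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected).encode(), parts[2].encode()):
        return None  # signature check comes before any claim is trusted
    claims = json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
    now = int(time.time() if now is None else now)
    if (claims.get("iss"), claims.get("aud")) != (issuer, audience) or claims.get("exp", 0) <= now:
        return None
    return claims if allowed_group in claims.get("groups", []) else None

# Constructed sample data (not real Discord IDs or secrets).
PROFILE = {"id": "1001", "username": "alice", "global_name": "Alice",
           "email": "alice@example.test", "verified": True}
GUILDS = [{"id": "111111", "name": "friends"}, {"id": "222222", "name": "other"}]
```

The gate compares server IDs as strings, so the "Allowed group" value must be entered exactly as the ID appears in the groups claim.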

Requirements

  • Docker
  • Docker Compose
  • A PeerTube instance with the auth-openid-connect plugin installed and enabled.

Setup Instructions

1. Clone or Create Project Files

Place all the project files (docker-compose.yml, Dockerfile, app.py, requirements.txt, .env, templates/status.html) in a single directory on your server.

2. Configure Environment Variables

Create a .env file by copying the contents from the Canvas and fill in the following values:

  • OIDC_PROVIDER_URL: The full, publicly accessible URL of this bridge service (e.g., http://your-domain.com:5000 or http://192.168.1.10:5000). This cannot be localhost if PeerTube is running on a different machine or in a different Docker network.
  • DISCORD_CLIENT_ID: Your Client ID from the Discord Developer Portal.
  • DISCORD_CLIENT_SECRET: Your Client Secret from the Discord Developer Portal.
  • PEERTUBE_CALLBACK_URL: The full callback URL provided by the PeerTube OIDC plugin settings page. It will look like https://your-peertube.com/plugins/auth-openid-connect/router/code-cb.

3. Configure Discord Application

In the Discord Developer Portal, under your application's "OAuth2" settings:

  • Add a Redirect URI that matches the bridge's callback endpoint: http://<your-domain-or-ip>:5000/discord/callback.

4. Configure PeerTube Plugin

On your PeerTube instance, navigate to Administration -> Plugins/Themes -> auth-openid-connect -> Settings and configure it as follows:

  • Discover URL: http://<your-domain-or-ip>:5000/.well-known/openid-configuration
  • Client ID: peertube
  • Client secret: peertube-super-secret
  • Scope: openid email profile groups
  • Username property: preferred_username
  • Email property: email
  • Display name property: name
  • Group property: groups
  • Allowed group: Your specific Discord Server ID.

Running the Service

From the project directory, run the following command:

docker-compose up --build -d

The -d flag runs the container in detached mode (in the background).

Troubleshooting

You can check the health and configuration of the bridge service by navigating to its status page:

http://<your-domain-or-ip>:5000/status

This page will show the status of environment variables, connectivity to the Discord API, and a log of the most recent incoming requests from your PeerTube instance, which is invaluable for debugging the connection.

To view live logs from the container, run:

docker-compose logs -f