Discord Auth Secure Login & Server Restriction

Product information

Release v1.0.1 (Updated )

Reviews

0 out of 5 stars

0 purchases

Secure Discord OAuth login for Pterodactyl panels. Includes Smart IP Trust, Server Membership Restriction and full admin configuration. Seamlessly integrates with all Blueprint themes.

€8,00

Description

Two login scenarios:

  • Log in to an existing account
  • Register a new account + link Discord

Discord Server Check: Restrict login to members of specific Discord servers only. If the condition isn't met, the user sees a reason on the login page without revealing which server is required.

Role Check: Allow login/registration only if the user has a specific role. Same idea: the reason is shown, but the exact role stays hidden.

Auto Join: After authentication, users are automatically added to your Discord server.

Auto Role: Automatically assign a role to users after login.

Discord Channel Logging: Registration, auto-join, and role assignment events are sent to a log channel.

Trusted IP Check: If a login comes from a new or suspicious IP, an additional verification step kicks in (password + 2FA).

UI: Built with native Blueprint/Pterodactyl classes, fully compatible with custom themes.

Security:

  • access_token and refresh_token are encrypted via Laravel encrypt() before being stored in the database; they are never saved in plain text
  • OAuth state is randomly generated, has a limited lifetime, and is deleted after use, which protects against request forgery
  • Open redirect protection: post-login redirects are limited to internal panel paths only
  • Rate limiting on verification attempts
  • Admin AJAX operations are protected: auth + root_admin check, CSRF token, same-origin enforcement
  • Client-facing errors are sanitized (no sensitive details), full info goes to server logs
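
One way the OAuth state handling and internal-only redirect check listed above can be written in plain PHP. This is an added example, not the extension's own code; the function names, the array used as a store and the 300-second lifetime are assumptions.

```php
<?php
declare(strict_types=1);

const STATE_TTL = 300; // assumed lifetime in seconds; the page does not state one

// Create an unguessable state value and remember when it expires.
function issueState(array &$store, int $now): string
{
    $state = bin2hex(random_bytes(32));
    $store[$state] = $now + STATE_TTL;
    return $state;
}

// Accept a state at most once: it is deleted on first lookup, valid or not.
function consumeState(array &$store, string $state, int $now): bool
{
    if (!isset($store[$state])) {
        return false; // unknown, forged, or already used
    }
    $expires = $store[$state];
    unset($store[$state]);
    return $now <= $expires;
}

// Return $target only if it is a path on this panel; otherwise the fallback.
function internalRedirect(string $target, string $fallback = '/'): string
{
    $isPath = $target !== '' && $target[0] === '/';
    $schemeRelative = strncmp($target, '//', 2) === 0;  // "//host" leaves the site
    $hasBackslash = strpos($target, '\\') !== false;    // browsers may read "\" as "/"
    $hasControl = preg_match('/[\x00-\x1f\x7f]/', $target) === 1; // CR/LF and similar
    return ($isPath && !$schemeRelative && !$hasBackslash && !$hasControl)
        ? $target : $fallback;
}

// Constructed sample run (timestamps and targets are made up for the demo).
$store = [];
$now = 1700000000;
$state = issueState($store, $now);
var_dump(consumeState($store, $state, $now + 10)); // first use inside the lifetime
var_dump(consumeState($store, $state, $now + 11)); // replay of the same value
$late = issueState($store, $now);
var_dump(consumeState($store, $late, $now + STATE_TTL + 1)); // presented after expiry
foreach (['/server/1a2b', '//example.test/x', 'https://example.test', '/\\example.test'] as $t) {
    echo $t, ' => ', internalRedirect($t), PHP_EOL;
}
```

In a panel the store would be the user's session or a cache entry bound to it, so a state issued to one browser cannot be redeemed from another.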

FAQ

Q: How are new accounts created? Do users need to enter email manually?

A: The user's email is retrieved directly from Discord. If Discord does not provide one, the panel can require the user to enter an email during registration.

Q: What about passwords for new users?

A: New users must set a password before completing registration. Existing users log in normally. 2FA is fully supported.

Q: Does this replace the default login system?

A: No. Traditional login remains available unless you choose to disable it.

Q: How does Guild Restriction work?

A: When enabled, only members of your specified Discord server can log in. The bot must have permission to read members.

Q: What happens if a user logs in from a new IP or country?

A: The Smart IP Trust system will require password verification (and 2FA if enabled) before allowing access.

Q: Can users unlink their Discord account?

A: Yes. Users can unlink Discord anytime from the Account Page.

Q: How long does setup take?

A: Typically 2-3 minutes. All configuration is handled directly from the admin panel.