Authenticating with Discord through VSC Thunder Client

[bryansamuel1]

Hello,

I have a new adonisjs API that currently uses the discord ally driver to redirect users to discord to authenticate them. After the user has successfully authenticated the user is redirected back to the API to the route Route.get('discord/callback', 'DiscordController.handle') so then within the DiscordController.handle method I validate the discord response, find the user then log them in.

const discord = ally.use('discord').stateless()
    if (discord.accessDenied()) {
      return 'Access was denied'
    }
    if (discord.stateMisMatch()) {
      return 'Request expired. Retry again'
    }
    if (discord.hasError()) {
      return discord.getError()
    }
    const discordUser = await discord.user()
    const user = await DiscordUser.firstOrCreate(
      {
        discordId: discordUser.id,
      },
      {
        name: discordUser.name,
        discordId: discordUser.id,
        discordToken: discordUser.token.token,
        discordRefreshToken: discordUser.token.refreshToken,
        discordExpiry: (new Date().getTime() + discordUser.token.expiresIn - 60).toString(),
        discordAvatar: discordUser.avatarUrl || null,
      }
    )
    await auth.use('web').login(user)
    response.redirect('/')

So this works perfectly when accessing the API through the /discord/login route, however I am having trouble trying to authenticate myself through my Visual Studio Code extension Thunder Client and I have missed something but I am not sure what.

I am trying to hit this authenticated endpoint /game using an Access Token that I obtain when I click Generate Token which opens up my browser, loads the normal Discord Auth URL https://discord.com/oauth2/authorize, and then redirects me to the following URL with a code query param.

But even hitting my authenticated endpoint with my Access Token I still get un-authorised access, which makes sense because I haven't logged the user into the auth web guard, like I have done in the DiscordController above using await auth.use('web').login(user)

So my question is how do I do that if I am not able to be get redirected within Thunder Client like I would do within the browser?
Do I need to create a new route for this form of authentication, and if so how would this new controller differ to the DiscordController that I have above?

Thank you,
I am happy to explain more where needed

[bryansamuel1]

Found the answer myself.

Set the Auth Callback URL to the Discord api route that handles redirect callbacks. Generate a new token from Thunder Client, Login with Discord and then you will be redirected to your discord/callback endpoint, which will allow the controller to log you in. Then simply make a request to your API from your browser and fetch the cookie stored in the header. Add that cookie as a header to your Thunder Client requests and now you can access authenticated endpoints.