Tags: flask, oauth-2.0, authlib

In OAuth2, if a client should not share its access token, then how can multiple clients access the same resource?


I'm creating a React SPA with a Flask backend with Discord OAuth 2 login. I want to know the Discord user ID of the current user available to Flask and use the SPA to display info about the user such as username and profile picture.

If I set up a login page via Flask, I can get info about the signed-in user by querying the current user Discord API. But how do I get the name and profile picture in the SPA? I could give the access token obtained by Flask to the SPA, but token sharing is not recommended.

Another approach is the implicit grant flow, where the SPA gets the access token and gives it to Flask. Flask can then check to see who logged in. This also involves token sharing among OAuth2 clients, which is not recommended.

I'm not sure how to get an access token for both Flask and the SPA without the user having to sign in multiple times.


Solution

  • This is a design problem. Your SPA should get Discord information through your Flask backend API. Your SPA should not access the Discord API directly, and it is often impossible to access a third-party API directly because of CORS.

    Here is an example:

    from flask import Flask, jsonify
    from authlib.integrations.flask_client import OAuth

    app = Flask(__name__)
    oauth = OAuth(app)  # 'oauth' below stands for the registered Discord client

    @app.route('/discord/profile')
    def get_discord_profile():
        # The backend calls Discord with its own token; the SPA only receives the JSON.
        resp = oauth.get('/discord/profile/url')
        return jsonify(resp.json())
    

    Your access token is always accessed by the backend.
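As an added example (not from the original answer, nor Authlib's or Discord's own code), here is the backend-for-frontend shape the answer describes: Flask keeps the Discord token in a server-side store, the browser cookie carries only the user id, and the SPA reads `/api/me` instead of calling Discord. It assumes Authlib's Flask client and a registered Discord application whose client id and secret come from placeholder environment variables; the `TOKENS` dict is a constructed stand-in for a real store.

```python
import os
DISCORD_API = "https://discord.com/api/"
DISCORD_CDN = "https://cdn.discordapp.com"
# Server-side token store keyed by Discord user id (constructed stand-in for a DB).
TOKENS = {}

def public_profile(user):
    """Reduce Discord's users/@me payload to the fields the SPA may see."""
    avatar = user.get("avatar")
    url = f"{DISCORD_CDN}/avatars/{user['id']}/{avatar}.png" if avatar else None
    return {"id": user["id"], "username": user["username"], "avatar_url": url}

def create_app():
    # Flask/Authlib imported here so public_profile() is usable without them.
    from flask import Flask, jsonify, redirect, session, url_for
    from authlib.integrations.flask_client import OAuth
    app = Flask(__name__)
    app.secret_key = os.environ.get("FLASK_SECRET_KEY", "dev-only-secret")
    oauth = OAuth(app)
    oauth.register(  # client id/secret come from placeholder env vars
        name="discord",
        client_id=os.environ.get("DISCORD_CLIENT_ID"),
        client_secret=os.environ.get("DISCORD_CLIENT_SECRET"),
        access_token_url=DISCORD_API + "oauth2/token",
        authorize_url=DISCORD_API + "oauth2/authorize",
        api_base_url=DISCORD_API,
        client_kwargs={"scope": "identify"},
    )

    @app.route("/login")
    def login():
        return oauth.discord.authorize_redirect(url_for("callback", _external=True))

    @app.route("/callback")
    def callback():
        token = oauth.discord.authorize_access_token()  # code exchange, server side
        user = oauth.discord.get("users/@me", token=token).json()
        TOKENS[user["id"]] = token          # stays on the server
        session["discord_id"] = user["id"]  # Flask's cookie is signed, not encrypted
        return redirect("/")

    @app.route("/api/me")
    def me():  # the SPA calls this instead of talking to Discord itself
        token = TOKENS.get(session.get("discord_id"))
        if token is None:
            return jsonify({"error": "not logged in"}), 401
        user = oauth.discord.get("users/@me", token=token).json()
        return jsonify(public_profile(user))  # username + avatar, never the token
    return app
```

Run with `flask --app module_name:create_app run` after setting the environment variables; the SPA then fetches `/api/me` with credentials and never handles a Discord token.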