Since posting on the Disqus disqus forum seems to be a waste of time, maybe someone here can help.
I’m trying to use the OAuth2 flow to connect a Disqus user to my app’s account system so I can monitor their activity (posts/comments/etc). I’m using Meteor for my app. I’m calling the OAuth2 authorize endpoint from my server code and passing the resulting HTML back to the client for rendering. This all works fine. But I’m seeing 2 problems on the client side. First, the HTML code returned from Disqus seems to be designed in a full page and the username/password fields extend across the entire window. I was expecting a dialog/modal popup like the one that Disqus provides when logging into a forum. I tried wrapping the HTML inside of a Boostrap3 modal window which mostly works except the username and password fields extend off the right side of the dialog box.
Ignoring the ugly UI the second problem is that when the user clicks on the submit link Disqus puts up and error page titled ‘CSRF verification failed (403) - DISQUS’. I’m guessing this may be because the OAuth2 call was made from the server and the submit is coming from the client. If I copy the OAUTH2 url directly into the browser everything works fine. But I don’t want to expose my API key and resulting code on the client side since that seems like a security risk.
All I really want to do is verify that the user is trying to connect their own account to my app (and not some other user). I’m not posting with their account so I don’t need an access token (I’m calling user/details which just takes the API-key). So I’ve thought about creating a forum for my app and using the login endpoint to verify the username/password combo. But that dialog doesn’t explain the scopes I’m asking for.
I’ve also considered building my own dialog box to prompt for the username/password, sending those back to the server and have the server “fake” the submit back to Disqus. But that is not a maintainable solution since Disqus might change the expected fields at any time. And it is ugly as sin.
Anyone have any suggestions? I didn’t post any code since I don’t believe it is a coding problem (and the code is a bit convoluted). But if anyone thinks it will help you help me, I’ll be happy to post it.