For the Discord OAuth to provide proper moderation capabilities it needs to be the case that administrators can be certain the display names of users in the room accurately reflect the ones from Discord.
I think the way to handle this is to migrate Hubs in general to a model where the Phoenix Presence information is the authority of names across the whole experience. (Currently display names are registered in Presence, but the nametags on avatars are serialized separately and un-authoritatively over NAF.)
Here’s the rough sequence of steps I think we need to take to get to a point where the Phoenix Presence infra can be the authority of the names:
-
Update NAF to have an option to reject full sync messages from unreliable transports. This will make it possible to have “authoratative full syncs” since the reliable transport is phoenix – ie, we can look at a full sync message when this is turned on and be sure that it was inspected by Phoenix.
-
Update the hub channel to inject the session id (and potentially account id) into all NAF full sync messages. This will make it so when we see a full sync, we can be certain the originating session id (which is registered in presence) and potentially account id.
-
Update the client to use the presence info, combined with the session id tagging on the avatar’s initial full sync message, to ensure the name tag corresponds to the registered display name in presence for that session.
-
Remove the bits that were previously used to sync display names, and rely exclusively on presence.
-
Update the Discord OAuth system to register discord identity information into presence, and also ensure that identity information can no longer be set by clients directly when they are in a hub room. (This could be done in several ways – eg by having the server just block writes to a specific key in the presence data, or by introducing new keys that are considered authoritative that override the client-set display name key(s))
-
Potentially augment the identity information in presence to include a thumbnail/avatar image, and/or badges based upon the security permissions of the user. (Eg administrators can now have badges that won’t be spoofable, etc.)