Your account is not at risk
When you authorize Right Spot through Discord, you are not giving us access to your account. You are not sharing your password. You are not exposing your token. Discord OAuth is a secure, industry-standard authentication method that millions of applications use every day. Think of it this way: when you click “Log in with Google” on a website, you are not giving that website your Google password or access to your Gmail. The same principle applies here.What is OAuth?
OAuth (Open Authorization) is a secure protocol that allows you to grant limited access to your information without sharing your password. Major platforms including Google, Facebook, Apple, and Discord all use OAuth. When you authorize an application through OAuth:- You are redirected to the platform’s official login page (in this case, Discord)
- You log in directly with Discord, not with us
- Discord asks if you want to share specific information with the application
- If you agree, Discord sends us only the approved information
- Your password and account token never leave Discord
- Log into your Discord account
- Send messages on your behalf
- Join or leave servers
- Access your DMs or private channels
- Change your account settings
- Access your account token or password
What information do we actually receive?
When you authorize Right Spot, Discord shares:- Your username and display name
- Your Discord user ID (a public numeric identifier)
- Your email address
- Your profile picture
Why do we need Discord authentication?
There are practical reasons why we use Discord for authentication: Spam and fraud prevention: Without authentication, anyone could place orders using fake information. Discord authentication ensures each account is tied to a real Discord user, reducing fraud and spam. Order verification: Since Pokecoins are delivered through Poketwo (a Discord bot), having your Discord ID helps us verify that orders are going to the correct person. Account recovery: If you lose access to an order or need support, your Discord identity helps us verify ownership and assist you. No password management: You do not need to create and remember another password. Your Discord account handles authentication securely.How this compares to other platforms
Discord OAuth works identically to:- Sign in with Google: Used by millions of websites and apps
- Sign in with Apple: Common on iOS apps and websites
- Sign in with Facebook: Used across the web for years
- Sign in with X (Twitter): Standard social login option
Can we access your token or hijack your account?
No. This is technically impossible with how OAuth works. Your Discord token is a secret key that Discord generates and stores on your device. When you authorize an application:- The token stays on your device and Discord’s servers
- We receive a different, limited-scope token that only allows reading your profile
- Even if someone obtained the token we receive, they could not use it to log into your account
Official Discord resources
Discord provides documentation about how OAuth works and what permissions applications can request:- Discord Developer Portal - OAuth2 - Technical documentation on how Discord OAuth functions
- Authorizing Applications FAQ - Discord’s official guide to authorized applications
Revoking access
If you ever want to remove Right Spot’s access to your Discord information:- Open Discord and go to User Settings
- Navigate to “Authorized Apps”
- Find Right Spot in the list
- Click “Deauthorize”
Still have concerns?
If you have specific questions about how we handle your data or concerns about Discord authentication, contact our support team. We are happy to explain any aspect of our security practices in detail.Ready to continue? Return to Sign up and log in to create your account.