API Resources

Authentication via Audience Sync

About Audience Sync

The Audience Sync authorization flow is simply an OAuth extension, and is almost identical to the standard authorization code flow. It allows you (the publisher) to require information from a user before they can comment on your website.

Authorization

This is how you start AudienceSync. Skip to User Validation if you're using the embed AudienceSync implementation.

You'll need to first redirect the user to the authorize endpoint, with a different response_type in addition to the forum_id parameter:

Location: https://disqus.com/api/oauth/2.0/authorize/?
  client_id=PUBLIC_KEY&
  response_type=audiencesync&
  forum_id=FORUM_SHORTNAME
  redirect_uri=http://www.example.com/oauth_redirect

The same rules that apply for our standard authorization flow also apply here.

User Validation

The user will then be given a choice to accept or deny your request. If they choose to allow your application, they will be redirected back to your site with a temporary access code as the code parameter. If they do not, they will be redirected with an error parameter instead.

The following values are made available as part of the query string when the user is redirected back to your redirect_uri:

code
A temporary token which you will exchange for a finalized access token.
username
The username of the user who you're requesting authorization of.
user_id
A unique identifier for this user which is guaranteed not to change.
audiencesync_uri
The URL to which you will redirect the user once you've confirmed their authorization.

At this point, you the publisher, may choose to request additional information from the user (such as age), and perform any validation required. Once you've confirmed the user, authorize them with the server to grant them permission as well as to receive an access_token which can be used to query additional data form the user:

POST https://disqus.com/api/oauth/2.0/access_token/

grant_type=audiencesync&
client_id=PUBLIC_KEY&
client_secret=SECRET_KEY&
redirect_uri=http://www.example.com/oauth_redirect&
code=CODE

Completing Authorization

Once you have obtained the users access token, the final step is to redirect the user to the audiencesync_uri endpoint:

Location: https://disqus.com/audiencesync/complete/?
  client_id=PUBLIC_KEY&
  user_id=USER_ID&
  access_token=ACCESS_TOKEN&
  success=SUCCESS_VALUE

SUCCESS_VALUE should be 1 for a successful completion, or 0 if the user failed to complete the process.

We will then complete the process, and the user will now be authenticated to engage with Disqus on your website.