fix(discord): fall back to env vars in mergeCredentials when credentials not explicitly set#150
Open
tonystrawberry wants to merge 4 commits into
Open
Conversation
… and public key When discordChannel() is called without explicit credentials, mergeCredentials returned botToken: undefined. callDiscordApi gates auth on !== undefined, so the Authorization header was never set and Discord returned 401. Fix by defaulting to lazy env var readers so the fallback is always reachable. Fixes vercel#149
|
@tonystrawberry is attempting to deploy a commit to the Vercel Team on Vercel. A member of the Team first needs to authorize it. |
I, Tony Duong <tony.duong.102@gmail.com>, hereby add my Signed-off-by to this commit: edb54e6 Signed-off-by: Tony Duong <tony.duong.102@gmail.com>
![vercel[bot]](https://avatars.githubusercontent.com/in/8329?s=60&v=4){kind=small}
… mergeCredentials Signed-off-by: Tony Duong <tony.duong.102@gmail.com>
…eCredentials process.env.* returns string | undefined; DiscordBotToken requires () => string | Promise<string>. The non-null assertion satisfies the type — resolveDiscordBotToken throws at runtime if the var is absent. Signed-off-by: Tony Duong <tony.duong.102@gmail.com>
tonystrawberry
commented
Jun 21, 2026
| @@ -679,8 +679,8 @@ function mergeCredentials( | |||
| ): DiscordChannelCredentials { | |||
| const merged: DiscordChannelCredentials = { | |||
| applicationId: state.applicationId ?? credentials?.applicationId, | |||
Author
There was a problem hiding this comment.
Regarding DISCORD_APPLICATION_ID, resolveDiscordApplicationId is called unconditionally and already handles undefined by falling back to process.env.DISCORD_APPLICATION_ID so it's fine here.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When
discordChannel()is used without an explicitcredentialsoption (the common case), scheduled and proactive sessions always get HTTP 401 from Discord.mergeCredentialsreturnsbotToken: undefinedwhen no credentials are passed.callDiscordApigates theAuthorizationheader on!== undefined, so the block is skipped entirely — no auth header is sent, Discord returns 401. The env var fallback insideresolveDiscordBotTokenis never reached.This only affects scheduled/proactive sessions (e.g.
receive(discord, { target, auth: appAuth })from a schedule handler). Slash command sessions are unaffected because they use an interaction token for the initial deferred reply.Fix
Default
botTokenandpublicKeyto lazy env var readers inmergeCredentials, consistent with howresolveDiscordBotTokenalready handles the function variant.Workaround
Until this is patched, pass credentials explicitly to
discordChannel():Fixes #149