⚔️ Swordy Bot - Discord Role Manager

Swordy Bot - Discord Oauth + Paywall + Role management

I’m finally comfortable sharing this new version, since anyone can use it - not just crypto-savvy nerds like me. Maybe one day the RW community will use it for our own Discord :rocket:

One Minute Demo



How it Works

  1. Discord Oauth creates a new User in the Swordy Bot database
  2. Redirect user to the Unlock Protocol paywall to purchase a specific NFT (everyone knows what an NFT is right?). If they don’t have a crypto wallet, they can create one easily with email & password.
  3. Redirect back to Swordy Bot with a message signature, which allows me to verify they actually own this wallet.
  4. I use their wallet address to check if they have the correct NFT. If so, I grant them a specific role in the Discord server, so they can access more channels.

This release is accompanied by updates to the RedwoodJS Ethereum Auth library to support up to RedwoodJS v0.36, and hopefully will all the way to RedwoodJS v1.0 :crossed_fingers:


There is a frontend component, but most users never have to click anything- only on the external paywall site. However, Discord server managers get to see the “admin dashboard” which looks like this:

ShOw mE THe CoDe

While the latest version isn’t open source, I just released version 1 so that others may learn and benefit from my previous work. You should not expect this to work out-of-the-box, but rather use it as an example and a learning tool. Here are my takeaways from V1:

  • Most important! Don’t split the app logic between the Heroku Discord Bot and the RedwoodJS app. Instead, the Heroku Discord Bot should be as “dumb” as possible, and simply act as a messenger between Discord and the RedwoodJS app.
  • I did not implement Discord OAuth in V1, but rather my own solution for verifying ownership which requires DM’ing. Using the Discord Oauth is a better solution overall in terms of UX, and is harder to break, despite being much more work to implement.
  • The V1 bot requires DM’ing the user a unique link to verify ownership. This is an anti-pattern, since many users disable DM’ing from other server participants to prevent spam, which means the bot simply appears “broken” to this set of users.
  • Don’t even try to do any kind of complex “command-line” style bot interactions… Its terrible UX and everyone will be asking for help. V1 requires Discord server managers to update roles by typing something like !add <token-address> <chain Id> <role-name> . It is simply unreasonable to expect non-techie people to use a command line. The only successful consumer-facing “CLI-like” experience I’ve used is AI chat-bots. So unless you plan on spending TONs of time adding AI to your bot, just make a damn frontend to actually visualize what they are doing. (I can feel spicy tweets incoming!)


Big thanks to everyone for answering questions in the chat! RW to the moon :man_astronaut:t2:


I have no idea what’s happening here, but good job! :smiley:

One thing: “since anyone can use it - not just crypto-savvy nerds”… but this assumes:

  1. You know what an NFT is
  2. You have a wallet installed (for the correct Network, I assume Ethereum?)
  3. Presumably have funds if the claiming process isn’t free
  4. Somehow grok the concept of using an NFT as a login?


1 Like

You can use the email/password option and a credit card. Then you don’t really need to know anything about blockchain or wallets or NFTs. It just feels like a normal paywall.

One of the many advantages of restricting access using NFTs is that no one can “take away” your NFT. Also, any app developer can integrate it- not just Unlock Protocol & Swordy Bot.

Its sort of like buying a skin/item in Fortnite, which can also be used in Animal Crossing. In this example, both game developers can attribute the same family of NFTs to different perks in their respective games. Just call up the public blockchain like “Yo does Rob have any of these NFTs? If so lets give him an awesome hat.”

Another example: Give all contributors to RW a non-transferrable NFT thank-you gift (which they will gladly accept as a badge-of-honor). The next time some fantastic project wants to reward existing FOSS contributors, they can airdrop their token to everyone who holds the RW NFTs - without even asking permission.

Can it check if you have EVER owned that NFT at any point in the past, or only if you currently have it?

Right now, it only works for this immediate moment. But if there is a use-case for historical ownership, that could be added too (using The Graph)

The Graph PROTOCOL? :sweat_smile:

1 Like