Verification flow

End-to-end view of what happens when a user runs /verify.

1. Step 1

   User runs /verify in your server. The bot replies ephemerally with a Components v2 container including the guild name, Discord username, and a Verify button.

2. Step 2

   When the user clicks Verify, the API creates a single-use session token bound to (guildId, discordUserId), generates a short profile-code (e.g. MGS-A7P2-K9NX-T4QW), and stores an expiry (default 15 minutes).

3. Step 3

   The user is sent to a secure verification page that shows the profile-code, with a Copy button and a step-by-step explainer.

4. Step 4

   The user pastes the profile-code into their Roblox profile description, returns to the page, and confirms by entering their Roblox username.

5. Step 5

   The API resolves the username to a Roblox user ID, fetches the description through the public Roblox API, and confirms the code is present.

6. Step 6

   On success, the user/account is upserted, a MemberLink is created (or updated) with status VERIFIED, the session is marked used, and a role-sync job is queued.

7. Step 7

   The role-sync worker fetches the user's Roblox group memberships, resolves desired roles via the resolver, and applies adds/removes through the Discord REST API. Nicknames are updated if enabled.

8. Step 8

   A Components v2 success message and an audit log entry close the loop. If a log channel is configured, an embed is posted there.