The Complete Guide to Discord Member Verification
A Discord member verification system is the single most important tool for keeping your server safe from raids, spam bots, and alt accounts. Discord's built-in verification levels—requiring a verified email or a certain account age—are a start, but they are trivially bypassed by anyone with five minutes and a disposable email provider.
This guide covers everything you need to know about setting up serious verification: how OAuth2 works, what VPN and alt detection actually do under the hood, and how to build a verification experience that protects your server without driving away legitimate members.
Why Default Discord Verification Is Not Enough
Discord offers four built-in verification levels:
- None — Anyone can send messages immediately
- Low — Must have a verified email
- Medium — Must be registered on Discord for more than 5 minutes
- High — Must be a member of the server for more than 10 minutes
- Highest — Must have a verified phone number
These levels are applied server-wide and are easily circumvented:
- Verified emails can be created in bulk using temporary email services
- Account age requirements are meaningless when attackers maintain aged account farms
- Phone verification can be bypassed with VoIP numbers or SIM farms
- None of these methods actually verify the person is who they claim to be
For any server that matters—whether it is a paid community, a project with sensitive channels, or a public server above a few hundred members—you need an external Discord verification bot that goes deeper.
How OAuth2 Verification Works
Modern verification bots like Restore Hub use Discord's OAuth2 protocol. Here is how the flow works in plain terms:
The Verification Flow
- Member joins your server and sees a verification channel with a button or link.
- Member clicks the verification link, which takes them to a web page hosted by the verification service.
- The web page redirects to Discord's OAuth2 authorization screen, asking the member to grant specific permissions (usually `identify` and `guilds.join`).
- Member clicks "Authorize" on Discord's official screen. No password is ever shared with the verification service.
- Discord sends an authorization code back to the verification service.
- The verification service exchanges the code for an access token, which it uses to read the member's Discord ID, username, and avatar.
- Additional checks run — VPN detection, browser fingerprinting, alt detection, etc.
- If all checks pass, the member is automatically assigned a verified role in your server.
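The redirect and callback steps above, as an added example (not Restore Hub's code): it builds the authorization URL with the `identify` and `guilds.join` scopes plus a `state` value bound to the visitor's session, and rejects any callback whose `state` does not match before preparing the code exchange. The client ID, redirect URI, signing key and function names are constructed placeholders.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://discord.com/oauth2/authorize"
TOKEN_URL = "https://discord.com/api/oauth2/token"

# Constructed placeholders (assumptions), not real credentials.
CLIENT_ID = "000000000000000000"
REDIRECT_URI = "https://verify.example.com/callback"
STATE_KEY = b"constructed-server-side-secret"


def sign_state(session_id: str, nonce: str) -> str:
    """Bind the OAuth2 state value to the visitor's session with an HMAC."""
    msg = f"{session_id}.{nonce}".encode()
    return f"{nonce}.{hmac.new(STATE_KEY, msg, hashlib.sha256).hexdigest()}"


def build_authorize_url(session_id: str) -> str:
    """Redirect target that sends the member to Discord's consent screen."""
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "identify guilds.join",
        "state": sign_state(session_id, secrets.token_urlsafe(16)),
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session_id: str, callback_url: str) -> dict:
    """Check state, then return the form body for the code-for-token POST."""
    params = parse_qs(urlparse(callback_url).query)
    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    expected = sign_state(session_id, state.partition(".")[0])
    if not code or not hmac.compare_digest(state.encode(), expected.encode()):
        raise ValueError("missing code or state mismatch: reject the callback")
    # Sent server side to TOKEN_URL, authenticated with the client secret.
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
    }
```

Without the `state` check, a callback started in one browser session could be completed in another, tying the wrong Discord account to the verification.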
What Data Is Collected
Through OAuth2, a verification bot receives:
- Discord user ID
- Username and discriminator
- Avatar URL
- Email address (if the `email` scope is requested)
- A refresh token to maintain the connection
This is important: the bot never sees the member's password. OAuth2 is specifically designed to grant limited access without exposing credentials. The member authorizes the connection through Discord's own interface.
Why This Matters for Security
The OAuth2 connection gives server owners something Discord's built-in verification cannot: a persistent, authenticated link to each member. If a member is banned or leaves, the server owner still has a verified record of who they were. This is the foundation of member backup and recovery services.
VPN and Proxy Detection
One of the most effective tools against raid bots and ban-evading alts is VPN and proxy detection. Here is how it works.
IP Analysis
When a member visits the verification page, their IP address is checked against databases of known VPN providers, proxy servers, data center IP ranges, and Tor exit nodes. The key indicators include:
- ASN (Autonomous System Number) — Data center ASNs are almost never used by legitimate residential users. If the IP belongs to AWS, DigitalOcean, or a known VPN provider, it is flagged.
- IP reputation databases — Services like IPQualityScore and IP2Proxy maintain databases of IPs associated with spam, fraud, and abuse.
- Geographic inconsistency — If the member's Discord account is set to one region but they are connecting from a data center in another continent, that is a signal.
Handling False Positives
Not everyone using a VPN is malicious. Privacy-conscious users, people in restrictive countries, and remote workers on corporate VPNs are legitimate. A good verification system provides options:
- Warn but allow — Flag VPN users for manual review but let them through
- Block and offer appeal — Block the verification attempt but provide a way to contact server staff
- Require additional verification — Ask VPN users for an extra step, like answering a CAPTCHA or providing their email
Restore Hub lets server owners configure VPN detection sensitivity on a per-server basis, from fully permissive to strict blocking.
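The IP check and the false-positive handling options, as an added example (not Restore Hub's implementation): an address is matched against flagged network ranges and the result is mapped to an action according to the configured sensitivity. The ranges are documentation-only prefixes standing in for a real ASN or reputation feed, and the category names and level-to-action mapping are assumptions.

```python
import ipaddress

# Constructed sample data: documentation-only ranges standing in for a real
# ASN / IP-reputation feed. Labels, ranges and policy names are assumptions.
FLAGGED_RANGES = {
    "tor_exit": [ipaddress.ip_network("2001:db8:dead::/48")],
    "vpn": [ipaddress.ip_network("203.0.113.0/25")],
    "datacenter": [ipaddress.ip_network("198.51.100.0/24")],
}

# Hypothetical mapping from the dashboard sensitivity levels to the handling
# options listed above (review, extra step, block with appeal).
POLICY = {
    "off": {},
    "lenient": {"tor_exit": "extra_step", "vpn": "flag_for_review",
                "datacenter": "flag_for_review"},
    "moderate": {"tor_exit": "block_with_appeal", "vpn": "extra_step",
                 "datacenter": "extra_step"},
    "strict": {"tor_exit": "block_with_appeal", "vpn": "block_with_appeal",
               "datacenter": "block_with_appeal"},
}


def classify_ip(raw: str) -> str:
    """Return the first matching category for an address, or 'unlisted'."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return "invalid"
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot dodge v4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for label, networks in FLAGGED_RANGES.items():
        if any(addr in net for net in networks):
            return label
    return "unlisted"


def decide(raw: str, level: str) -> str:
    """Map a visitor address and sensitivity level to a verification action."""
    label = classify_ip(raw)
    if label == "invalid" and level != "off":
        return "extra_step"  # unparseable client address: do not wave through
    return POLICY[level].get(label, "allow")
```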
Alt Account Detection
Alt accounts—secondary Discord accounts used to evade bans or manipulate communities—are one of the most persistent problems in Discord moderation. Detection works through several complementary techniques.
Browser Fingerprinting
When a member visits the verification page, their browser exposes a surprising amount of identifying information:
- Canvas fingerprint — How the browser renders a specific image varies slightly between devices
- WebGL renderer — The GPU model and driver version create a near-unique identifier
- Audio context — How the browser processes audio signals varies between hardware configurations
- Screen resolution and color depth — The exact display configuration
- Installed fonts — The set of fonts available in the browser is highly variable between systems
- Timezone and language settings — Combined with other signals, these narrow the identity further
When two Discord accounts verify from the same browser fingerprint, the system flags them as probable alts. We cover this in more depth in our article on Understanding Discord Browser Fingerprinting.
Account Age Analysis
The age of a Discord account is a strong signal. Accounts created within the last few days or weeks that immediately join and verify are more likely to be alts or raid accounts. Restore Hub lets you set minimum account age requirements (e.g., 30 days) as part of the verification flow.
Cross-Server Intelligence
If a verification service operates across many servers, it can detect patterns that a single server cannot see:
- An account that has been verified and then banned in multiple servers is a strong negative signal
- An account that shares a browser fingerprint with a known banned account across any server in the network is flagged
- Rapid verification attempts across many servers in a short time suggest automated behavior
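The account age, shared fingerprint and banned-fingerprint signals from the sections above, as an added example (not Restore Hub's implementation). The account creation time is read from the Discord user ID itself, which is a snowflake carrying a millisecond timestamp, and fingerprints are compared as hashes of the collected signals. Function names, signal keys and the in-memory stores are assumptions.

```python
import hashlib
from datetime import datetime, timedelta, timezone

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z, the snowflake epoch


def account_created_at(user_id: int) -> datetime:
    """Discord IDs are snowflakes: the bits above bit 22 are ms since the epoch."""
    ms = (int(user_id) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def fingerprint_hash(signals: dict) -> str:
    """Hash a canonical, key-sorted form of the collected browser signals."""
    canonical = "\n".join(f"{key}={signals[key]}" for key in sorted(signals))
    return hashlib.sha256(canonical.encode()).hexdigest()


def review(user_id, signals, seen, banned_fps, now, min_age_days=30):
    """Return the flags raised by one verification attempt.

    seen: fingerprint hash -> set of user IDs already verified with it.
    banned_fps: fingerprint hashes tied to accounts banned in the network.
    """
    flags = []
    if now - account_created_at(user_id) < timedelta(days=min_age_days):
        flags.append("account_too_new")
    fp = fingerprint_hash(signals)
    if seen.setdefault(fp, set()) - {user_id}:
        flags.append("shared_fingerprint")  # another account used this browser
    if fp in banned_fps:
        flags.append("matches_banned_fingerprint")
    seen[fp].add(user_id)
    return flags
```

Flags are signals for review, not proof: shared family computers and school labs produce the same fingerprint for unrelated accounts.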
Custom Verification Pages
The verification page is often the first real interaction a new member has with your community. Making it look professional matters.
Why Customization Matters
- Trust — Members are more likely to complete verification when the page looks professional and matches your branding
- Conversion — A branded, clear verification page reduces drop-off rates compared to a generic bot interface
- Professionalism — For paid communities and business servers, a custom verification page signals legitimacy
What You Can Customize With Restore Hub
- Server logo and colors — Your branding, not generic bot branding
- Welcome message — Custom text explaining what the server is and why verification is needed
- Custom background — Upload your own background image or choose from templates
- Custom domain — Use your own domain (e.g., `verify.yourcommunity.com`) instead of a generic URL. See our guide to setting up custom verification domains.
- Redirect URL — Choose where members land after successful verification
Custom Bots
For larger servers that want full brand consistency, Restore Hub supports custom bots:
- Use your own bot application with your own name and avatar
- The verification messages, DMs, and role assignments all come from your branded bot
- Members never see "Restore Hub" — they see your community's bot
- All functionality remains the same; only the bot identity changes
Setting Up Restore Hub Verification
Here is a step-by-step walkthrough for setting up Discord OAuth2 verification with Restore Hub:
Step 1: Add Restore Hub to Your Server
Visit restorehub.net and click Add to Discord. Authorize the bot with the required permissions:
- Manage Roles (to assign the verified role)
- Send Messages (to post the verification prompt)
- Manage Channels (to create or configure the verification channel)
Step 2: Configure Verification Settings
In the Restore Hub dashboard, select your server and navigate to Verification Settings:
- Choose or create the role that verified members receive
- Set the verification channel where the prompt will appear
- Configure VPN detection level (off, lenient, moderate, strict)
- Set minimum account age requirement
- Enable or disable browser fingerprinting
- Toggle alt account detection
Step 3: Customize Your Verification Page
Upload your server's logo, set your brand colors, write a custom welcome message, and optionally configure a custom domain.
Step 4: Test the Flow
Use an alt account or ask a trusted member to go through the verification flow. Confirm that:
- The verification page loads correctly with your branding
- OAuth2 authorization completes without errors
- The verified role is assigned automatically
- VPN detection works as expected (test with a VPN if you enabled it)
Step 5: Announce to Your Server
Post an announcement explaining the new verification system. Key points to communicate:
- Why verification is being added (security, spam prevention)
- What members need to do (click the link, authorize with Discord)
- What data is collected and how it is used (transparency builds trust)
- Who to contact if they have issues verifying
Advanced: Verification for Paid Communities
If you run a server with paid access—Patreon, Whop, Shopify, or another platform—verification can be integrated with your payment system:
- Members verify through OAuth2 and are marked as free members
- When they purchase access, the verification system updates their role to the paid tier
- If payment lapses, the paid role is automatically removed
- The member retains their verified status and can re-purchase without re-verifying
This creates a seamless experience where verification and monetization work together.
Verification Analytics and Monitoring
Once verification is live, monitoring its performance helps you optimize the experience:
- Completion rate — What percentage of members who click the verification link actually complete the process? If this is below 70%, your page may be confusing or your requirements too strict.
- Drop-off point — Are members leaving at the OAuth2 screen, the VPN detection step, or somewhere else? Identifying the drop-off point tells you what to fix.
- Alt detection rate — How many accounts are being flagged? A very high rate might indicate your detection is too aggressive. A very low rate might mean it is not working.
- Time to verify — How long does the average verification take? If it is more than 60 seconds, something may be slowing the flow down.
Restore Hub provides these analytics in the dashboard, giving you visibility into how verification is performing across your server.
Common Verification Mistakes to Avoid
- Making verification too difficult — Every additional step loses members. Keep it to one click plus one authorization.
- Not explaining why verification exists — Members who do not understand the reason are more likely to leave than verify.
- Setting VPN detection to maximum on a public server — You will lose legitimate members who use VPNs for privacy.
- Ignoring the mobile experience — Most Discord users are on mobile. Ensure your verification page works well on phones.
- Not testing the flow regularly — OAuth2 tokens can expire, domains can lapse, and roles can be accidentally deleted. Test monthly.
Key Takeaways
- Discord's built-in verification levels are insufficient for serious server security
- OAuth2-based verification provides persistent, authenticated member records
- VPN detection, browser fingerprinting, and alt detection work together to filter bad actors
- Custom verification pages improve trust and completion rates
- Restore Hub combines all of these features with an easy setup process
Ready to protect your server with real verification? Get started free at restorehub.net and have OAuth2 verification running in under five minutes.