Hey @dan - thank you for your thorough reply! And sorry for the delay,
I think I've got the refresh token and the correct scopes. What I don't have currently is a backend - I only have a client-side application and my self hosted FusionAuth, currently. It seems like if I need to access the FusionAuth backend in order to pull the user's Discord token from the link, there will be no way to do this securely without a separate backend. Does that sound right?