I am currently trying to build a panel extension that has no backend (hosted by myself or something I have to pay for).
So I have a lot of problems understanding how the authentication and authorization works.
My extension should be a simple leaderboard showing all-time bits leaders and maybe longest followers/longest watchtime.
Since I have no backend but I need scopes and therefore JWTs, I decided to use the method provided by: https://blog.hasura.io/best-practices-of-using-jwt-with-graphql/ (I am not using GraphQL).
Basically I will store the refresh token in a secure HTTP cookie.
Hopefully this works, maybe tell me a better method if there is one.
But since I would only have the Twitch hosted iFrame: What would my redirectURI be?
Would it be a workaround to redirect to one of my GitHub Pages sites and then let this have the authenticate/refresh loop running?
From my understanding I need to initialize the authorization in the registered client, this would get to my GitHub Pages, and in case the token becomes invalid it automatically starts authorization again, or do I need to check for authorization in the panel, even though I have it running on GitHub Pages?
How would I code that?
But I am a bit confused on how this will actually work.
Only the broadcaster has to authorize the scopes.
Will it automatically update all panels shown to users or do I need to make an extra login button page for the broadcaster?
Where would I put that page? Is it config?
I realize this topic might be a bit much and confusing itself, but maybe someone can help and even has some code examples.