The API documentation states that if you do not provide a scope only ‘basic’ information will be available, but it defaults to the ‘channel_read’ scope which includes the user’s email and stream key, which should be kept private, obviously.
Is there a scope, or some way that I can authenticate a Twitch account through the API and get an OAuth token that gives access to very basic information (publicly available information), so I don’t have to worry if it falls into the wrong hands?
I’m developing a client-side application that sends the OAuth token (retrieved via the ‘Implicit Grant Flow’) to a server to verify the user.