Implementing a feature into my project, I want users to be able to explicitly grant a specific permission (channel_editor) at the point they require it - I don’t want it to be a part of the original connection process.
What’s the best way to go about this? I tried going down the route of https://api.twitch.tv/kraken/oauth2/authorize?response_type=code&… but this ended up overwriting existing scope permissions, rather than adding to. Is the only way to include existing + new permissions or is there a more elegant solution?
Sorry if this is documented - I did look through the auth guide but I couldn’t see anything that was of use.
Scopes do get overwritten. Instead of changing scopes as users require them, I have opted to request what I need from the start. This makes it more simple in the case where you need to reauthorize accounts (due to issues out of your control, like a user revoking permission from the “Connections” page or Twitch’s security breach where everyone’s access tokens expired).
Thanks for the reply. I guess collecting them from the start certainly makes life easier, it’s just I do feel some users will be hesitant to allow X Y and Z and therefore may turn away from the service. We’ll see. I have it fetching existing permissions and then adding to those permissions at the moment so I’ll run with that until it becomes noticeably problematic…