I’m building an app to manage streamers’ clips (list, delete one or many, rename, share, download, etc.).
I’ve built a simple front-end with Vue.js and now I’m looking to authenticate to the new Twitch API as a user. After reading the documentation I found multiple ways to do authentication.
I think that for my use case I need OIDC Authorization Code Flow or OAuth Authorization Code Flow (as far as I understood, OIDC is built on top of OAuth2 to get even more information on the user, returning the requested user data).
But for some reason my browser keeps telling me that access-control-allow-origin is missing from the headers. I also tried to replace http://localhost:8080 with * but nothing changes.
Before posting here, I read this post on the forum, CORS - Wrong ‘Access-Control-Allow-Origin’ header, but I could not find anything that helped me.
If you have some hints or advice I would love to read them, thank you.
Man, you are fast! Thank you for being this active!
In the description I can read: “Send the user you want to authenticate to your registered redirect URI. Then, an authorization page will ask the user to sign up or log into Twitch and allow the user to choose whether to authorize your application/identity system.”
I thought Twitch would handle this and send me an iframe to Accept or Decline the authorization and then redirect to the redirect_uri to my dashboard.
I think I’m missing something but I don’t understand: is the user redirected to Twitch at a specific URI to accept/decline and then redirected to my dashboard? How is this related to my CORS issue?
How exactly do you plan on doing some of those functions? The only supported Clips API functions are to retrieve a list of clips, and to create a new clip.
For now I’m only focusing on building a dashboard in Vue.js with a list of the user’s clips. It’s to explore the Twitch API and maybe, in the future, if the API allows me to edit / delete / download, add these features.
To help a bit more on my case: I was triggering a function with an onclick button. But as @BarryCarlyon told me it’s a redirection, I simply changed it for a link to this href
Now I still have to figure out what I have to do with this new code (I think I have to pass it to every request I make to say that this request is allowed by Twitch to be performed and avoid CORS issues, please correct me if I’ve misunderstood something).
Thank you so much for your help, I switched to an Implicit Auth and it works like a charm. Can I put it in browser storage without any fear of lack of security?
I’m able to get an access token / id_token / scope / token_type in response to the OAuth2/OIDC Implicit flow, everything seems to be fine! Thanks for your help!
However, I have some new questions on this information. I have no backend for now, and do not plan to use one (api / lambda / db):
How do I decrypt this id_token?
How do I store the access_token in the front end, since localStorage and sessionStorage are not secure places for a JWT?
Do you recommend building any third service to store auth information?
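
As an added example (not part of any post above and not Twitch's code), this sketch handles the fragment the implicit flow returns (access_token, id_token, scope, token_type) and reads the id_token claims, which are base64url-encoded JSON inside a JWT rather than ciphertext. It assumes the app generated `state` and `nonce` values and kept them before redirecting the user; all function names and sample values are constructed, and signature verification against the provider's published keys is not shown.

```javascript
// Added example: every name and sample value below is constructed for illustration.
const toB64 = (s) => (typeof btoa === "function" ? btoa(s) : Buffer.from(s, "binary").toString("base64"));
const fromB64 = (s) => (typeof atob === "function" ? atob(s) : Buffer.from(s, "base64").toString("binary"));

// Decode one base64url JWT segment into an object. This is decoding, not decryption.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/").padEnd(Math.ceil(seg.length / 4) * 4, "=");
  const bytes = Uint8Array.from(fromB64(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Parse the redirect URI fragment and check it against what the app stored before
// sending the user away: `expected` = { state, nonce, clientId }.
function handleImplicitRedirect(hash, expected, nowSeconds) {
  const params = new URLSearchParams(hash.replace(/^#/, ""));
  if (params.get("error")) throw new Error("authorization failed: " + params.get("error"));
  if (params.get("state") !== expected.state) throw new Error("state mismatch");

  const parts = (params.get("id_token") || "").split(".");
  if (parts.length !== 3) throw new Error("id_token is not a three-part JWT");
  const claims = decodeSegment(parts[1]);

  // Claim checks only: the signature in parts[2] is NOT verified in this example.
  if (![].concat(claims.aud).includes(expected.clientId)) throw new Error("aud mismatch");
  if (claims.nonce !== expected.nonce) throw new Error("nonce mismatch");
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) throw new Error("id_token expired");

  return {
    accessToken: params.get("access_token"),
    tokenType: params.get("token_type"),
    scopes: (params.get("scope") || "").split(" ").filter(Boolean),
    claims,
  };
}

// Constructed fragment with an unsigned stand-in token, so the example runs offline.
function sampleHash(expected, exp) {
  const enc = (o) => toB64(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const jwt = [enc({ alg: "none" }), enc({ aud: expected.clientId, nonce: expected.nonce, sub: "12345", exp }), "sig"].join(".");
  return `#access_token=constructed-token&id_token=${jwt}&scope=openid+clips:edit&state=${expected.state}&token_type=bearer`;
}

const expected = { state: "st-123", nonce: "n-456", clientId: "constructed-client-id" };
const result = handleImplicitRedirect(sampleHash(expected, 2000), expected, 1000);
console.log(result.claims.sub, result.scopes);
```

In a page, the call would be `handleImplicitRedirect(window.location.hash, expected, Math.floor(Date.now() / 1000))`, followed by clearing the fragment from the address bar so the tokens do not stay in browser history.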