Creating extensions as a team and 2FA

gangtaru · October 19, 2018, 7:42pm

If you are working on extensions with more than one person, you may be sharing a Twitch account to create, manage and edit extensions. We generally don’t recommend this approach, as someone unauthorized to your account may put your extension and Twitch users at risk.

Instead, a best practice would be to appoint a Build Lead to be the single contact to build and manage extension properties. At Twitch, multiple developers collaborating on a project typically work with a build lead to set up deploy/review points to ensure consistency and security.

If you still wish to share a Twitch account with 2FA enabled, here are a couple of secure methods your team can use to continue working with multiple release managers:

Check the “Remember this computer for 30 days” option on the 2FA dialog – We will store a cookie on your machine, which will need to be rotated every 30 days for security. You should log in on any machine managing extensions for the next 30 days. Clearing cookies will remove this verification, so be sure to either whitelist dev.twitch.tv or turn off any automatic cookie removal settings on your browser.

Use Authy on all devices accessing dev.twitch.tv – Authy is available on mobile devices and desktop computers. If you set up a Twitch account with a common Authy account, multiple developers can use their devices and authenticate using the app without needing to request a token from another developer. See this blog post for more information.

We will continue to improve the experience for teams working with extensions on Twitch Developers. We’ll be sharing more details soon. If you have any questions or need further support, please reply to this thread and our team will respond as soon as they can.

Thanks and happy developing!

WiseWoodrow · January 28, 2019, 8:38pm

That’s not a best practice. That’s a a terribly slow practice. Like genuinely disheartening, you make the most efficient practice to have multiple people create an extension account sharing, with your recommended best practice actually really terrible and a non-solution.

Heck. Like I know at the end you said you “will continue to improve the experience for teams working with extensions on Twitch Developers.”, but I’m confused how the company owned by Amazon managed to not have this as a feature on launch or at least shortly after.

gangtaru · January 30, 2019, 2:05am

Thanks for the feedback, @WiseWoodrow. We’re looking into more ways devs can collaborate and are excited to roll them out as soon as we can.

WiseWoodrow · January 30, 2019, 4:53am

Honestly the simple way would just be to let other people use the client ID and secret key to access things. Me and my friend saw it, and immediately he asked me for the two so he could try working on the extension. But it denied him. Why even have a “secret key” if it’s already only usable by your account? It’s confusing why that part needs to exist when the most obvious purpose for it, multi-dev, isn’t how it’s used.

BarryCarlyon · January 30, 2019, 9:55am

I’d like to see the ability to update all settings and things related to extensions be updatable via API as well as dashboard.

Which would achieve the same thing

pagep · February 27, 2022, 4:45pm

Hi guys, I think that multi account management should be a big priority.

No sharing of token / accounts / keys. Simple multi account management which is available for any other dev platform.

This forces you to share the account - to create a team/company account

Thanks

BarryCarlyon · February 27, 2022, 4:48pm

This is “solved” via organisations

You just necro’ed a 3 year old post where the problem was “solved” with the introduction of Organisations

pagep · February 27, 2022, 4:52pm

Oh nice. I was trying to google all possible ways to develop as a team and nothing lead to the organizations

Thanks