Hello, I am absolutely brand new to JS, like brand brand new.
I am trying to learn how to work with external API’s for a school project and am hung up on how to get a users account permissions and what am i supposed to do with this:
from what I gather I have to setup my own authentication server, and somehow store the token to get permissions to the users account?
and I found this git hub page with a snippet for logging in
import TwitchHelix from “twitch-helix” // this comes from the local node.js server
const twitchApi = new TwitchHelix({
clientId: “x5xnhiu9ax66dn8gkpe08cq3kzffnlf”,
clientSecret: “xxxxxxxxxxxxxxxxxxxxxxxxxxx”
})
let login = twitchApi.getTwitchUserByName(“Lilrex2015”).then(twitchUser => {
console.log(twitchUser.display_name) // Prints “Lilrex2015”
})
and I am unsure what the purpose the id and secret play in the credentials management process.
I know these are very entry level questions and I do apologize for wasting anyones time; and before anyone says it, yes I have googled and YouTube’d, I watched so many YouTube videos on Js i gave myself a migraine.
Since you are trying to learn this for a school project, the main question you are asking around ID and Secrets are not JavaScript related but deal with OAuth2. This is a good place to start, even a little bit down it has a diagram that illustrates the OAuth2 flow in more detail:
The gist is this - which means, 10,000 ft view, take this with a grain of salt. Other people may describe this differently and that page will provide much greater detail.
Your Client ID provides a “public” identifier that may be used and exposed. The Secret should always be kept, well, secret, and never exposed on a web page (be careful with JavaScript - I prefer the MVC design pattern). This is used as a key, if you would, to truly identify yourself and to allow a user to trust you when they authenticate. Once they provide authorization you will get back an Access Token and Refresh Token that allows you to perform actions on behalf of the user. The user authorization is only needed if you are wanting to access secure endpoints (protected by Scope).
What is Scope? Scope is what you are requesting the user to give your application access to. Services provide different levels of Scope as needed to protect endpoints as needed.
The Twitch API docs provide information as to how they provide access to all of this:
Twitch provides the OAuth2 server. I presume since your class is centered on how to use an API that you are only going to consume it as a client. But yes, if you want to have others come over and authenticate, you need to setup some sort of service that they can choose to authorize with Twitch or not and then capture their token.
For a good example on how to get your token, follow:
Twitch provides examples using Curl to show you how to get your access token back. You can actually put the id.twitch.tv URL in your browser and once you verify your account and accept the permissions you will be redirected to the URL as indicated in that example and you can copy/paste the token from the address bar of your browser.
I use Kraken still, I wasn’t keen on moving over to Helix and recently Kraken was given more runway.
I don’t keep much to the chest with what I work on with Twitch. The bot I work on is Open Source, meaning, the code is out there for you to review (https://github.com/PhantomBot/PhantomBot) however our Twitch interface is written in Java. You can review the Java code and get an idea of how the bot communicates with Twitch at least.
Unfortunately, our website code for authenticating is not distributed under an Open Source license. Also, it would be pretty painful to glean from it what we are doing as there are hundreds of additional lines that just have to do with our website.
There is also an open source Node Twitch bot that may help, if you are using Node, SogeBot (https://github.com/sogehige/sogeBot) may be a good place to look.
That is a great jumping off point. Thank you. I have been tearing my hair out over this. (I knew there would be a learnig curve, but right now I think i would grasp open heart surgery procedures faster than this…lol)
Oh yeah, it isn’t entirely easy. I teach classes at work on OAuth2 with the web services that we use and I totally understand the glazed looks of folks on webcams.
If anything, do not worry at first about getting an authorization token and viewing protected data. With just the Client-ID you are able to query quite a bit of data to get your hands dirty (so to speak). Once you have the methodologies figured out for querying and parsing data then worry about moving further along with OAuth into access tokens, if you even need to for your class.
You can do some basic tests from the command line if you install a tool such as Curl (https://curl.haxx.se/download.html) even. This may be good if you just want to play around and see what is coming back in queries. Twitch provides example of using Curl in their API documentation as well each step of the way.
The Client ID allows you to query quite a few things just not items with Scope that are private to a user (such as subscriptions, for example). So, for example I can get some information back…
Not sure I understand the import portion but, your Client ID is used to query API endpoints unless you are wanting user specific data, then you have to acquire an OAuth Bearer/Access Token. That is discussed in the Authentication section of the Twitch API docs.
I think phrased it poorly, but you have already answered my question. So just to clarify, I input that curl command at the top of the script and it will return some public data about my account? Do i need to actually have curl installed on my machine or is that going to be handled on Twitch’s end?
If you are writing shell or batch scripts, sure, you can use Curl. You have to install it, I provided the link previously. It is a third party tool. That is just an example on how to pull data.
Helix does not support Client_ID as a parameter, it has to be provided in the Header. Also, you would pass the ID has a login parameter. Read up on REST parameters to understand what Twitch is asking for here to be passed and how. Be sure to read the differences between Helix and v5, they have a few.
illusion% curl -s -H 'Client-ID: ......' -X GET https://api.twitch.tv/helix/users?login=Lilrex2015 | python -mjson.tool
{
"data": [
{
"broadcaster_type": "",
"description": "Host of The Daily Chat, the ONLY & BEST TRUE TALK SHOW HOST ON TWITCH.TV AND BEAM.PRO/LILREX2015",
"display_name": "Lilrex2015",
"id": "57204065",
"login": "lilrex2015",
"offline_image_url": "https://static-cdn.jtvnw.net/jtv_user_pictures/lilrex2015-channel_offline_image-df75701d8d060ee3-1920x1080.jpeg",
"profile_image_url": "https://static-cdn.jtvnw.net/jtv_user_pictures/lilrex2015-profile_image-5ee09c6d4cd5a201-300x300.png",
"type": "",
"view_count": 21517
}
]
}
