Do you have to authenticate every single time?

I use something like this, for testing, to allow my twitch account to be used on my website:

<a class="btn btn-default" href="https://api.twitch.tv/kraken/oauth2/authorize?response_type=code&client_id=...&redirect_uri=...&scope=user_read+channel_read+channel_subscriptions+user_subscriptions+channel_check_subscription&state=<?php echo randString(); ?>"><i class="fa fa-fw fa-lock"></i> Authenticate</a>

After authentication is accepted I then have my own class:

class twitch {
	var $base_url = "https://api.twitch.tv/kraken/";
	var $client_id = "...";
	var $client_secret = "...";
	var $return_url = "...";
	var $scope_array = array('user_read','channel_read','channel_subscriptions','user_subscriptions','channel_check_subscription');
	
	public function get_access_token($code,$state) {
		$ch = curl_init($this->base_url . "oauth2/token");
		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_POST, 1);
		$fields = array(
			 'client_id' => $this->client_id,
			 'client_secret' => $this->client_secret,
			 'grant_type' => 'authorization_code',
			 'redirect_uri' => $this->return_url,
			 'code' => $code
		);
		curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
		$data = curl_exec($ch);
		$response = json_decode($data);
		curl_close($ch);

		return $response->{"access_token"};
	}
	
	public function check_token($access) {
		$headers = array();
		$headers[] = "Accept: application/vnd.twitchtv.v3+json";
		$headers[] = "Authorization: OAuth " .$access;
		
		$ch = curl_init($this->base_url);
		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
		$data = curl_exec($ch);
		$response = json_decode($data);
		curl_close($ch);
		
		return $response;
	}
	
	public function get_user($access,$lookup) {
		$headers = array();
		$headers[] = "Accept: application/vnd.twitchtv.v3+json";
		$headers[] = "Authorization: OAuth " .$access;
		
		$ch = curl_init($this->base_url . "user");
		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
		$data = curl_exec($ch);
		$response = json_decode($data);
		curl_close($ch);
		
		if($lookup != "all") {
			return $response->{$lookup};
		} else {
			return $response;
		};
	}
	
	public function get_following($access,$lookup) {
		$headers = array();
		$headers[] = "Accept: application/vnd.twitchtv.v3+json";
		$headers[] = "Authorization: OAuth " .$access;
		
		$ch = curl_init($this->base_url . "users/$lookup/follows/channels");
		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
		$data = curl_exec($ch);
		$data = json_decode($data);
		
		$response = $data->{'_total'};
		
		curl_close($ch);
		
		return $response;
	}
};

Every time I go to my website, I currently have to click the authenticate link to get a new access token, I wondered if an access token could be stored in a php session variable and then reused, say on another page? Or is a new access token required each time?

Should an access token be store in a database, session variable or not at all?

Yes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.