But I have a JS error and this one said that the request is blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
So I have tried plenty of solutions to solve that problem on my web application, but this error is still there.
I’m just wondering if this error comes from the response of the Twitch API which doesn’t send the proprer CORS headers, or if the Twitch API is blocking my request for some reason.
Step 1 - Redirect to Twitch
Step 2 - user accepts (or delcines) the account/clientID Link
Step 3 - under regular/code auth they come back to your redirecURL with a ?code
Step 4 - exchange the code for a token.
But if you are doing this in a pure JS environment then you use implict auth
Okay, I don’t know if I have to make an other post for my question but I’m wondering if pick the right flow for the access token.
My goal is to have my own twitch application (a web application that is connected to twitch) on my local computer, and which can read and send messages to my stream, manage this one and also get my follower list. All of this is managed with JavaScript.
I choose to get a Authorization code grant flow, but maybe I had to get this one with Implicit grant flow ?
For a personal application/project any of the oAuth flows work.
Generally for what you describe you should be using “regular”/(code) oAuth which provides a access and refresh tokens. Then when the access token dies use the refresh token to get a new access token.
For this requries a “server application”/server code since the calls should be blocked on CORS. To prevent leaking of a ClientSecret.
So
Any works you jsut need to write the code to go with it
For the quick start you can use the TwitchCLI to generate a token then copy/paste the token to your app from what the CLI generates
Thank you very much, I think the twitch CLI will be a good start.
But I’m afraid for the futur, because I know that for the follower list, I will have to make some ajax call to twitch, and maybe those call wil get the same problems with CORS.
And for what you said, my application is hosted on a local server which is Laragon (similar to WAMP/XAMP), and it work with the PHP Framework Laravel, so for that I think I’m good.
So in a local server, will it work with the CORS ? In my memories, I have made a previous application with the same configuration (Laragon with Laravel) which was connected to Twitch, and I had no problem with the CORS. Maybe the security has been updated since this time.
Okay thank you very much for your patience and your help, I know that I post a lot of post (before I did post like maybe 4 haha), but it really helps, so thank you very much !
Just a quick update, I get the token from the twitch CLI and it work very well, I can access to my follower list with an ajax call without any CORS issues.
But just a last question : I didn’t mentionned any scope to get the code, does it mean that every scope are applied to this code ?
Only the scopes you specify are requested when the user goes through the OAuth process to accept those permissions. If you don’t specify any scopes, the token wont have any.