Getting Access Token after Authentication

I am creating a Windows Application in C# that requires logging in the user via the Twitch API. A quick disclaimer: I am new to both the Twitch API and C# (only writing in this so I can create a Windows App), so bear with me.

So far I have accomplished the following:

  1. The user presses the login button and is redirected to the Twitch login page
  2. The user is able to successfully accept using my application and the defined scope (defined in the GET parameter of the URL)
  3. The user is redirected to my redirect_url (which is currently a http://localhost page) where their access token is visible as a GET parameter

Now, if I am understanding this correctly, I am going to have to access that access token from my C# program to be able to make the correct GET/POST requests to the API to perform the actions specific to the user. I am not sure where to go from here. How can I pass the token back into my program? Is it even possible? Maybe a request of some sort?

Just for testing purposes, I manually hard-coded the generated token and made a GET request to the API, and I was able to successfully pull the user’s information.

Any help is appreciated. Thanks in advance.

You have to send a GET request with Authorization header. :wink:

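Example with JS:

    // Parse the URL fragment (#access_token=...) returned by the implicit flow
    const hash_GET = Object.fromEntries(new URLSearchParams(window.location.hash.slice(1)));
    const req = new XMLHttpRequest();
    req.open("GET", "https://id.twitch.tv/oauth2/validate", true);
    req.setRequestHeader("Authorization", "OAuth " + hash_GET["access_token"]);
    req.send(null);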

This suggests you have used implicit auth?

Did you get a code or a token in the URL?

If it’s a token in the # section of the URL you are on implicit auth and can use that in the header as suggested.

If it’s a code you need to perform the next step of the oAuth dance and exchange your code for a token.

Step 3 On your server, get an access token by making this request:

See this is where I’m stuck. I can make that call from a script running on the redirect page, but that doesn’t help me with getting the token into my application. If I make a GET request from within my C# code, I obviously don’t have access to the hash from the url… :confused:
Am I looking at this the wrong way?

I am using implicit auth so yes, it is an access token.

With implicit auth the access token is returned in the hash from the URL.

If you can’t obtain the hash from the URL, then don’t use implicit auth.

Implicit Auth is sorta designed for Client Apps where you give the whole code to the user, in order to protect/not leak your secret, as oAuth Authorization Code Flows need the secret.

Implicit Auth’s also cannot be renewed, so every four hours or so, your access code will die forcing you to make the user authorize again.

You probably want to be looking at the oAuth Authorization Code flow for most use cases.

Okay, that makes quite a bit more sense haha.

But how would you recommend I go about making the necessary requests in my situation? If I run the POST request from my redirect page (which is just a php file on localhost running a JS file) I will have access to the code in the URL but my token will only be accessed from there, correct? However, if I try to make a request from my Application, I will not have access to the code in the URL…

I am having trouble figuring out how to make the browser-based authentication communicate with my Application.

What do you need to do in your application?

If your application cannot raise a webserver on a localhost port it makes authentication “interesting”.

It’s possible to make users copy/paste things into your application however.

I honestly hadn’t even considered users entering their code manually because I was trying to make the situation as seamless as possible lol. I am first going to try to have my application raise a webserver on a localhost port, as you said. Otherwise, I will have them enter it manually.

Thanks for all the help!
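The localhost web server approach discussed above, as an added example that is not part of the original thread: the application listens on a loopback port, opens the browser at the Twitch authorize page with `response_type=code`, and reads the `code` and `state` query parameters from the redirect. The client id, port 17563 and scope are placeholders, .NET 6 or later is assumed, and the code-for-token exchange is left out because it needs the client secret.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

static class LoopbackAuth
{
    // Assumptions: placeholder client id, port and scope; the redirect URI must
    // match the one registered for the application.
    const string ClientId = "YOUR_CLIENT_ID";
    const string RedirectUri = "http://localhost:17563/";
    const string Scope = "user:read:email";

    public static async Task<string> GetAuthorizationCodeAsync()
    {
        // Random state ties the redirect to this login attempt (CSRF check).
        string state = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        string url = "https://id.twitch.tv/oauth2/authorize?response_type=code"
            + "&client_id=" + Uri.EscapeDataString(ClientId)
            + "&redirect_uri=" + Uri.EscapeDataString(RedirectUri)
            + "&scope=" + Uri.EscapeDataString(Scope)
            + "&state=" + state;

        using var listener = new HttpListener();
        listener.Prefixes.Add(RedirectUri);   // loopback only, never "+" or "*"
        listener.Start();
        Process.Start(new ProcessStartInfo(url) { UseShellExecute = true });

        // The code arrives in the query string, so the listener can read it;
        // an implicit-flow token sits in the #fragment, which browsers never send.
        HttpListenerContext ctx = await listener.GetContextAsync();
        string code = ctx.Request.QueryString["code"];
        string returnedState = ctx.Request.QueryString["state"];

        byte[] page = Encoding.UTF8.GetBytes("<html><body>You can close this tab.</body></html>");
        ctx.Response.ContentType = "text/html; charset=utf-8";
        await ctx.Response.OutputStream.WriteAsync(page, 0, page.Length);
        ctx.Response.Close();
        listener.Stop();
        if (returnedState != state || string.IsNullOrEmpty(code))
            throw new InvalidOperationException("Redirect rejected: bad state or missing code.");
        return code;
    }

    static async Task Main() =>
        Console.WriteLine("Got code of length " + (await GetAuthorizationCodeAsync()).Length);
}
```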

If you have a website you can do something like Spotify: appname:data-information

    <a href="spotify:artist:4F84IBURUo98rz4r61KF70">The White Stripes</a>

Or you can use a webview.
