I’m looking into making a UE5 plugin to perform twitch integration. I believe that as part of that I specifically should use the implicit grant flow, however I’m hoping I’m missing something. I can access https://id.twitch.tv/oauth2/authorize just fine, automatically open a browser window but am struggling getting the token response since it’s an in-browser redirect (I am currently using localhost as my redirect_uri for testing).
Is the intended flow that I have a server set up to act as a middle-man to receive the token which then sends it to the game application? Or is there an auth flow where I can perform a post or get as a client & receive the response directly?
Since the integration would want access to chat, polls & likely some moderation, I don’t think an app access token is sufficient. And being a game, the users would have access to the (compiled & likely obfuscated) code so I don’t think it’d technically be able to securely store a client secret anyway.
Twitch oAuth only supports web based URI’s at time of writing
You could have a page on your server that displays something for the user to copy/paste to your game.
Or you could have your game start a temporary webserver to capture oAuth with (which is what the CLI does)
To read chat needs no Auth
To write chat needs auth
To read/write polls you’ll need a user token
You go read chat only and have the game announce the polls and then just read chat for votes.
go Chat read only. and use in game to announce polls and chat spam to capture votes
have a user accounts system, and the users game logs into your server and looks up a linked twitch account. This can also mean that your server does all the hard work and sends minimal data to the game (the poll result only instead of each vote for example if using chat spam)
have the user copy/paste something from a web page to your game (likely an implict auth user token
have a webpage that redirects to the game for the game to capture the generated implicit auth token
start a temproary webserver inside UE5 to capture the generated implict auth token (like how the Twitch CLI does it)
Thanks for the prompt response, that’s super helpful. Just want to make sure I’m understanding all your suggestions right.
You mean display some in game UI to say what chat should vote on & what the options are? And we’d have to implement things like ensuring votes are unique & handling when bits/channel points are spent ourselves via text parsing?
There’s no issues here with the redirect_uri needing to be set on the developer console? How would the oauth know which temporary webserver with the same uri to send the token to? (I’m having a look at the cli github, but I’m not familiar with go).