I want to create mini-games on my website and saving scores of the players with their Twitch username, I want the players to use their Twitch account to play,
I succeeded to use this Get Users Api Twitch and I can now see my own informations on my website but I had to hard-code my username as the login Optional Query Parameter,
How can I after redirecting the user to this link (link Twitch), get his username to put it instead of my hardcoded username ?
As the Get Users Endpoint states: “If neither a user ID nor a login name is specified, the user is looked up by Bearer token.”
If you omit both mentioned parameters, the token will be used as the source instead, giving you what you want 
Oh thanks, I was now looking at the “Validation requests” section of this page Authentication | Twitch Developers, it looks like it returns the username too ?
That it does - however, if you want the display_name, not the login, you’ll want the Get Users endpoint. Depends on your usecase!
Thank you very much man, you can close the topic !
Here is a code example to demostrate the work flow using implict auth
https://barrycarlyon.github.io/twitch_misc/authentication/implicit_auth/
Thanks mate it’s very helpful for me,
I want that the user datas to persist in my website to avoid the user to have to authorize the app via Twitch Popup everytime, I can use localStorage to store the accessToken and the expirationDate ?
How do you do to avoid the user to click on “authorize app” ? It looks like the redirection is done automatically on your site ?
I’m using React/Node and I was using https://id.twitch.tv/oauth2/token to get the accessToken and then https://api.twitch.tv/helix/users to get the username and id of the user, but it seems you directly do the request on helix/users you ?
You normally wouldn’t use client side, You’d use a server based session for this, but depends on the use case, And thus not use implict auth.
However, sure you can store the users own token in the users own localStorage.
This depends how you want to manage user website persistance. For my websites/minisites, I’ll use regular oAuth flows to get a server session and back that with my DB. but depends what I need to login people for.
The linked Implict Auth Example, is just an easy way to demonstrate how to get a user from a oAuth token.
You have to click “authorize app” to provide a token.
Without force_verify if you already linked, the flow just loops around without the “confirm” link. If thats what you mean.
This question is unclear
This example being implict auth.
https://id.twitch.tv/oauth2/authorize?client_id=hozgh446gdilj5knsrsxxz8tahr3koz&redirect_uri=https%3A%2F%2Fbarrycarlyon.github.io%2Ftwitch_misc%2Fauthentication%2Fimplicit_auth%2F&response_type=tokenhttps://barrycarlyon.github.io/twitch_misc/authentication/implicit_auth/#access_token=TOKENHERE#access_token from the URLFor implcit auth there is no ?code to access token exchange
As the access token is provided in the URL fragment
For an example of “Server based” sessionage see user_access_generator https://github.com/BarryCarlyon/twitch_misc/tree/main/authentication/user_access_generator
Here you go
?code query string argument?code for an access tokenThere isn’t a “live” example of this as GitHub doesn’t have a “Server” to run server code/sessions with.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.