Help Understanding OAuth


#1

Hey All -

I’ve been looking through these forums and the documentation the past few days, and I have what are probably some pretty dumb questions.

First off, I was calling the following to authenticate a Twitch user on my application - https://api.twitch.tv/kraken/oauth2/authorize?response_type=code&client_id=ID&redirect_uri=http://localhost

This works fine and returns the URL plus 2 parameters, Code & Scope. Am I supposed to do anything with these? What is the Code used for?

When a user is authenticated like that, how am I able to see their information (Name, Stream URL, Description etc) in my application?

If/when I do get that information, do I need to create a second username in my own database for them to log in with? Or is them logging in with twitch enough that they won’t need a log in for my own application? I’m struggling with understanding the relationship between Twitch API, Twitch Username, OAuth, and storing information in myDB through myAPP.

I’ve also had success calling POST https://id.twitch.tv/oauth2/token?client_id=ID&client_secret=SECRET&grant_type=client_credentials to get an access_token through postman, but I’m also having difficulty calling that in .NET code behind and storing the access token as well.

Any help here is appreciated - the high level stuff is what’s bugging me most, and understanding how to move forward.

Thanks!!!


#2

This gives you a Server Token, which is only useful to give you a higher request rate for non-user API requests.

You take the code and perform step three of the oAuth dance: you exchange the code for an access token, as documented:

3) On your server, get an access token by making this request:

POST https://id.twitch.tv/oauth2/token
    ?client_id=<your client ID>
    &client_secret=<your client secret>
    &code=<authorization code received above>
    &grant_type=authorization_code
    &redirect_uri=<your registered redirect URI>

After obtaining an access token via step 3 of the oAuth dance you can make an authenticated request to

https://api.twitch.tv/helix/users

as documented:

That's entirely up to you and how you wish to handle oAuth/third party service logins/session management.
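
The flow discussed in this thread, sketched with the Python standard library as an added example (not code from either poster or from Twitch): read the code from the redirect, build the step 3 exchange, then build the call to helix/users. It assumes the app added a random `state` value to the authorize URL, that the token endpoint accepts the parameters as a form body, and that helix/users expects `Authorization: Bearer` and `Client-Id` headers; all function names are hypothetical.

```python
import hmac
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://id.twitch.tv/oauth2/token"  # endpoint quoted in the thread
USERS_URL = "https://api.twitch.tv/helix/users"  # endpoint quoted in the thread


def code_from_callback(callback_url, expected_state):
    """Return the authorization code from the redirect, or raise ValueError."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if "error" in query:  # user declined, or the request was rejected
        raise ValueError("authorization failed: " + query["error"][0])
    # Assumption: the app put a random `state` in the authorize URL and kept
    # it in the user's session; a mismatch means the redirect is not ours.
    state = query.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request(code, client_id, client_secret, redirect_uri):
    """Step 3: server-side POST that exchanges the code for an access token."""
    form = {"client_id": client_id, "client_secret": client_secret,
            "code": code, "grant_type": "authorization_code",
            "redirect_uri": redirect_uri}
    # Parameters go in the form body so the secret stays out of URL logs.
    return urllib.request.Request(
        TOKEN_URL, data=urllib.parse.urlencode(form).encode(), method="POST")


def users_request(access_token, client_id):
    """Authenticated GET for the profile of the user who owns the token."""
    return urllib.request.Request(USERS_URL, headers={
        "Authorization": "Bearer " + access_token, "Client-Id": client_id})


def send(request):
    """Perform the HTTPS call and decode the JSON reply (needs network)."""
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


def twitch_user_id(users_reply):
    """Stable key for the app's own user table, taken from the reply."""
    return users_reply["data"][0]["id"]
```

The access token is the `access_token` field of `send(token_request(...))`, and passing it to `send(users_request(...))` returns the profile fields. Keying the local account on the returned `id` rather than the login name keeps the link intact if the user renames their Twitch account.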