In the docs, it says
GET https://id.twitch.tv/oauth2/authorize
?client_id=
&redirect_uri=
&response_type=code
&scope=
This will open a login page for the user, and redirect to the predefined URI after user finish auth.
My question is, if the user login on my website, and open the link, since redirect URI is predefined, I can’t put his server side user ID in it. Then how can I pass his server side user ID to the redirect URI to let my server link his twitch user ID to his server side user ID?
Is it OK to put server side user ID in the field “state”?
The docs says state is:
Your unique token, generated by your application. This is an OAuth 2.0 opaque value, used to avoid CSRF attacks. This value is echoed back in the response. We strongly recommend you use this.
So I think it serves other purpose than passing data.