Right now when we do authentication, it uses https://github.com/justintv/Twitch-API/blob/master/authentication.md#auth-code but if a user is logged in to their Twitch account it won’t actually ask them to put in their username/password. While this is ok most of the time, we’ve had several users complain that my site is auto logging them in to another one of their accounts, because they are logged in to twitch.tv already with that account.
Is there a way to force a user to put in their username/password so that if someone is logged in to some other account on twitch.tv it doesn’t automatically assume that it is the account they want to use on my site?
It might just be easier to tell them to clear their cookies and cache, and then try again. The amount of users this affects should be well below even 1% of the Twitch user base, just going on how often someone has come to me with this issue. Most people do not use multiple accounts on Twitch, and the ones that do may have bad intentions (ban evasions, for example).
I actually like how instant authentications are at the moment. Less time spent authenticating is a bonus to most users.
I would also very much like this, where I’d like it to be an URL parameter flag to not use the current login. Something like:
&client_id=[your client ID]
&redirect_uri=[your registered redirect URI]
&scope=[space separated list of scopes]
For example when you are doing an embed on desktop you’re using the login from Internet Explorer, which in many cases is not intended.
EDIT: Since the user is logged in and authorized to the app, any further attempts to authorize will make the user unable to pick which user to log in as without going to the Twitch site itself and logging out. This has caused quite a few problems for my users, and is not very intuitive.
@night The thing is, even if I clear their cookies on my site, as soon as they hit the auth page with twitch from my site it will automatically log them in if they are already logged in with Twitch and have given my app approval. You are right, 99% of the time I love how it works, but I do get several users asking me why my site “keeps logging them in to their bot account” etc etc.
@moocat that would be pretty cool, that seems like a pretty graceful solution and would allow developers to pick when they want it to happen. I don’t ALWAYS want to force them to log in, but if I detect a pattern where they log out in a matter of 2 minutes I could flag them to force their login next time.