How to login chatbot without using https://twitchapps.com/tmi/

MountainRiderAK · June 10, 2020, 10:15pm

How do I login my chatbot without using an OAuth token from Twitch Chat Password Generator ?
At some point, my code needs to send a PASS, like this:

    await self.send_data(f"PASS {self.tim_token}")
    await self.send_data(f"NICK {self.bot_nick}")

However, I was told that using Twitch Chat Password Generator is a bad idea. Unfortunately, I can’t figure out how to get the equivalent by reading the Twitch API docs.

Strangely, Twitch’s own documentation recommends using that URL:

The token to authenticate your chatbot with Twitch’s servers. Generate this with Twitch Chat Password Generator (a Twitch community-driven wrapper around the Twitch API), while logged in to your chatbot account. The token will be an alphanumeric string.

To say that this is confusing is an understatement.

BarryCarlyon · June 10, 2020, 10:55pm

As covered in your other thread.

You need to implement the oAuth loop yourself. For user Auth, that a bot would use, this means you need to throw up a webpage somewhere that handles the initial oAuth loop.

Normally you would use

As this provides a user token and a refresh token, so you oAuth once, store the two tokens then use the refresh token as needed. (oAuth validity for a chat bot is checked at bot connected to chat, so you only need to refresh when the bot boots before it connects to chat). Normally this token is valid for four hours, but when it expires the bot is not disconnected from chat.

This is intended so you can get started with running the example bot code quickly and skip learning authentication. You wouldn’t use this in production/on a live bot, as twithcapps uses implicit auth, which doesn’t give you a refresh token, so every 60 days you then have to manually go thru their flow to get a new token and load it in. And sods law $bigStreamer is using your bot, they go live and you haven’t loaded in the new oAuth token and they have no bot.

As the bot can’t auto remake the token with the client secret/refresh token, since you don’t get those from twitchapps

MountainRiderAK · June 11, 2020, 12:02am

When I try to pass the “access_token” using this code:

    await self.send_data(f"PASS {access_token}")

I get the following error message:

2020-06-10 20:00:17.371873: twitch_chat_bot.py:    96: DEBUG  : :tmi.twitch.tv NOTICE * :Improperly formatted auth

Once again, the bot isn’t going to open a web browser and log into Twitch. And no matter how many times you paste that link into your answers, it doesn’t make it any more helpful.

BarryCarlyon · June 11, 2020, 12:05am

You need to create a webpage to collect the initial auth. Then the initial auth is given to the bot to use and connect to chat.

Then when that token expires you use the refresh token to generate a new token.

For IRC the token needs to be preceeded by oauth:

await self.send_data(f"PASS oauth:{access_token}")

This is covered in the Connecting to IRC docs

MountainRiderAK · June 11, 2020, 12:06am

When I change the code to this:

    await self.send_data(f"PASS oauth:{access_token}")

I get this error message:

2020-06-10 20:06:52.121820: twitch_chat_bot.py:    96: DEBUG  : :tmi.twitch.tv NOTICE * :Login unsuccessful

BarryCarlyon · June 11, 2020, 12:07am

Then the token is invalid, or doesn’t have the correct scopes applied to the token to allow the program to login

MountainRiderAK · June 11, 2020, 1:06am

You need to create a webpage to collect the initial auth. Then the initial auth is given to the bot to use and connect to chat.

Do you have an example web page I can use to do this? Ideally, it would be nice to see the source for Twitch Chat Password Generator.

BarryCarlyon · June 11, 2020, 1:36am

Is a NodeJS/Javascript example of such a server

You can look at the source for TwitchApps/TMI, is uses implicit auth, which consists only of a link to Twitch, but it’s token cannot be auto refreshed.

It works the same as

FabioRosado · June 13, 2020, 10:17am

Not sure if this will be of any use to you MountainRiderAK, it seems you have some issue with the Oauth logic and implementation with Python.

I got an open PR with a WIP Twitch connector for opsdroid, perhaps you could have a look at the code and see what I am doing, bear in mind that this is a WIP PR so I am probably going to change things around still.

github.com/opsdroid/opsdroid

Add Twitch Connector

opsdroid:master ← FabioRosado:twitch

opened 01:05PM - 25 May 20 UTC

FabioRosado

+2021 -0

# Description This is the initial commit for the Twitch connector, there …is still a lot to be done like writing the tests and create the documentation for it. I'm raising this draft PR to get some feedback on the word done and if I can improve things a bit more. This connector is pretty big because I'm using a lot of things. Twitch has different ways to do stuff so we are using webhooks to get 3 events, then calling the API to update channel titles and websockets to listen to the chat. I thought about what other bots do and what could be cool to include and that's the reason this connector grew so much haha ## Things still to be done - [x] Update documentation - [x] Write tests for the whole connector - [x] Test most of the features on Twitch (did some but still need further testing) - [x] Write the `skill-twitch` to handle different events and actions - [x] Figure out why websockets throw exception when exiting opsdroid - [ ] Add ssl support to connect to websockets - still need to figure out how to do that. - [x] Check if every logger contains `_()` - [x] Figure out and implement `hub.secret` check when handling webhook response - prevent folks from sending data that wasn't sent by Twitch. - [x] Connect to the chat service only when streamer went online. - [x] Handle aiohttp status code != 200. Currently I'm assuming everything works fine - that is BAAAAAD ## Notes - `config['forward-url'] - Added this so we can still run opsdroid on localhost and use ngrok or serveo forwarding urls as a callback when subscribing to webhooks. - `token` expires after 24 hours so we will refresh token when it expires and will re-subscribe to webhooks - `twitch.json` - saved data on appdir `data` to keep the oauth token and refresh token saved so we can get/set - We should really only connect to the twitch irc whenever a streamer goes live, it's unlikely that we will do anything with the chat until we are online. I need to check if the webhook will still receive data from Twitch after the oauth token expired (but the webhook lease is still going), that way we can keep the 'refresh' token code on the websockets connect method Every time we send something through websocket the command is very similar, should we just create a helper method to send messages to the websocket? Will this improve readability? ## Status ~~**READY**~~ | **UNDER DEVELOPMENT** | ~~**ON HOLD**~~ ## Type of change - Bug fix (non-breaking change which fixes an issue) - New feature (non-breaking change which adds functionality) - Breaking change (fix or feature that would cause existing functionality to not work as expected) - This change requires a documentation update - Documentation (fix or adds documentation) # How Has This Been Tested? - Test A - Test B # Checklist: - [ ] I have performed a self-review of my own code - [ ] I have made corresponding changes to the documentation (if applicable) - [ ] I have added tests that prove my fix is effective or that my feature works - [ ] New and existing unit tests pass locally with my changes

Let me also mention that in the PR we are using async code and I am using aiohttp.websockets support - if everything that you need is to listen to the chat server then the code that you want is the connect_websocket.

Also I am currently using user oauth tokens instead of app one and will change things around in the very near future. In regards to getting the access_token and how I am getting my access token locally you can have a quick look at the documentation on that PR it should explain things a bit - this will be removed in the future.

Hope this helps

system · July 13, 2020, 10:17am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.