I’m developing an IRC bot and I decided to add support for Twitch chat. Within the confines of TMI/IRC, everything works fine, provided the user supplies an OAuth to log in.
Inspired by other popular bots I eventually started looking into using the API for richer commands, concretely !followage. I registered the application and got a client ID, and got it working (although it’s still very much a work in progress). But then Requiring OAuth for Helix Twitch API Endpoints happened and now the ID isn’t enough.
TL;DR: Where do I get an OAuth key to authorize simple queries? The one used to log onto IRC did not seem to be it.
I intend to let anyone download the source, compile it and run the bot as they please.
The only way I found to achieve this was to generate a client ID, generate a client secret, then use both to request an authorization token from https://id.twitch.tv/oauth2/token with grant_type “client_credentials”. With the returned authorization token as Bearer, everything works.
But the docs page on getting oauth keys says client_credentials should be requested “only as a server-to-server request, never in client code”. Additionally, it would mean that every user would have to each separately register the same application for a unique client ID to get the client secret, and ultimately an oauth that still expires in 60 days.
I only need enough to let the client query public information like https://api.twitch.tv/helix/users/follows, https://api.twitch.tv/helix/users and the such. I’m fine with refreshing tokens, but I can’t just hardcode a secret into the program.
I’m probably missing something. Is there an easier, less roundabout way?
On GitHub: https://github.com/zorael/kameloso