Is this really the right way to use Twitch as a log in service...?


#1

I’ve never used an external site as a log in service before, but I’m working on a project that is only to be available to Twitch users, so I’ve implemented the API such that instead of making an account on my site, you simply click “log in with Twitch”, much like Streamlabs’ website and so on.

What I need specifically is the user’s handle, ID number, and profile picture.

It works, but it’s just so roundabout that I have a niggling feeling I’ve missed the point somewhere - especially since I had to go through so many different pages of information, including deprecated ones, to get to this point.

My login flow works like this:

  1. send the user to https://id.twitch.tv/oauth2/authorize?response_type=code, have them accept the authorisation, get sent back to my login page
  2. take the code= from the GET request and send it to https://id.twitch.tv/oauth2/token with my client secret to get an OAuth code
  3. take the resultant OAuth code and send it to https://api.twitch.tv/kraken/ to get the user’s login name
  4. get the user’s login name and send it to https://api.twitch.tv/helix/users?login= to get the user’s ID, profile picture, etc

Just sanity checking that I really do have to make four separate requests to get this information, and that I’m not missing an easier way.


#2

Steps 3 and 4 can be combined into a single request to the Helix Get Users endpoint.

If you use the User Access Token as the Bearer token to that endpoint, and do not provide either id or login querystring params, it’ll return the user doc associated with the access token.

The returned results from that endpoint include the user’s ID, username, display name, and profile URL as well as some other details, so should be what you are after…

Alternatively, if you want to use the OIDC code flow for authentication, you can use the claims param as documented to also get the info you’re after as part of the auth request.
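The three-request version of this login flow, as an added Python sketch (not code from either poster or from Twitch): the callback exchanges the code for a user access token, then calls Helix Get Users with no `id` or `login` parameter so the record returned is the token owner's. The `state` check, the function names, the `fetch` hook, the empty default scope and the constructed `fake_fetch` responses are assumptions of this example; the token POST fields and the `Client-Id` header are what Twitch's OAuth and Helix endpoints expect.

```python
import json
import secrets
import urllib.parse
import urllib.request

AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize"
TOKEN_URL = "https://id.twitch.tv/oauth2/token"
USERS_URL = "https://api.twitch.tv/helix/users"

def http_json(url, data=None, headers=None):
    """Real transport: POST when form data is given, otherwise GET; returns JSON."""
    body = urllib.parse.urlencode(data).encode() if data else None
    req = urllib.request.Request(url, data=body, headers=headers or {})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def authorize_url(client_id, redirect_uri, scope=""):
    """Step 1: redirect URL plus a one-time state value to store in the session."""
    state = secrets.token_urlsafe(32)
    query = urllib.parse.urlencode({"response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": scope, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def finish_login(params, session_state, client_id, client_secret, redirect_uri,
                 fetch=http_json):
    """Steps 2-3: code -> user access token -> the token owner's user record."""
    got = params.get("state", "").encode()
    if not session_state or not secrets.compare_digest(got, session_state.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    token = fetch(TOKEN_URL, data={
        "client_id": client_id, "client_secret": client_secret,
        "code": params["code"], "grant_type": "authorization_code",
        "redirect_uri": redirect_uri})["access_token"]
    # No id= or login= here: identity comes from the token, not from client input.
    users = fetch(USERS_URL, headers={
        "Authorization": f"Bearer {token}", "Client-Id": client_id})["data"]
    if len(users) != 1:
        raise ValueError("expected exactly one user for this token")
    u = users[0]
    return {k: u[k] for k in ("id", "login", "profile_image_url")}

def fake_fetch(url, data=None, headers=None):
    """Constructed responses standing in for Twitch so the example runs offline."""
    if url == TOKEN_URL:
        return {"access_token": "constructed-token"}
    if (headers or {}).get("Authorization") != "Bearer constructed-token":
        return {"data": []}
    return {"data": [{"id": "1234", "login": "example_user", "display_name": "Example",
                      "profile_image_url": "https://example.invalid/p.png"}]}
```

Key the local account on the returned `id` rather than `login`, since a Twitch user can change their login name.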


#3

Fantastic! That looks a lot neater, now, and saves a request per login.

Thanks very much!