I’ve never used an external site as a log in service before, but I’m working on a project that is only to be available to Twitch users, so I’ve implemented the API such that instead of making an account on my site, you simply click “log in with Twitch”, much like Streamlabs’ website and so on.
What I need specifically is the user’s handle, ID number, and profile picture.
It works, but it’s just so roundabout that I have a niggling feeling I’ve missed the point somewhere - especially since I had to go through so many different pages of information, including deprecated ones, to get to this point.
My login flow works like this:
- send the user to https://id.twitch.tv/oauth2/authorize?response_type=code, have them accept the authorisation, get sent back to my login page
- take the code= from the GET request and send it to https://id.twitch.tv/oauth2/token with my client secret to get an OAuth code
- take the resultant OAuth code and send it to https://api.twitch.tv/kraken/ to get the user’s login name
- get the user’s login name and send it to https://api.twitch.tv/helix/users?login= to get the user’s ID, profile picture, etc
Just sanity checking that I really do have to make four separate requests to get this information, and that I’m not missing an easier way.