I wanted to give you all a heads up that we’ll be making some changes in the coming weeks with how users will connect to our chat servers.
We’ll be ditching our flash-based web client in favor of a websockets implementation.
We’ll be adding ports to our servers which will require TLS connections (for both websockets and IRC clients).
We will provide legacy flash support for browsers which don’t support websockets, which means we will also, in the short term, provide plaintext IRC ports for clients to connect to. However, we’ll be strongly encouraging all IRC clients and bots use the new secure IRC port 6697 when it becomes available. During this process we’ll likely be announcing new IP addresses and retiring old ones as well.
We’ll provide more details as these changes come closer to fruition.
If you’re going to require secure connections for TMI, then make sure to publish your SSL fingerprint(s). Otherwise, connections are still vulnerable to MITM and just introduce more overhead on both sides.
We have no intention on making our public fingerprint private. And though I can’t go into much detail, the quakenet article makes several assumptions (some stated, some implicit) that don’t hold in our case.
Heads up, you’ll notice some new fields in our chat_properties endpoint which we plan on starting to use tomorrow http://api.twitch.tv/api/channels/lirik/chat_properties You can expect the addresses in these lists to be changing some over the next few weeks.
Will bots be required to poll for a channel’s available server IPs before connecting?
This will be my first attempt at making a TLS connection, is there any Twitch specific documentation that helps with this process?
If you are building an application around chat then it would be recommended to pull for an available server so you don’t have to worry about manual changes. As it stands now, server changes do not happen very often.
Did you guys recently enable and disable the HTML5 chat functionality? I swear I used it on Safari without Flash, but it’s asking for Flash again for the last few days.
Well, for one without SSL you also send the oauth token to log into chat unencrypted, which at least has chat access but possibly also other scopes associated with it. It could of course be revoked if someone unauthorized would get hold of it, but some damage could already be done.
is a version of chat website that uses web sockets now ready for testing? if so what is the url? I’m trying to embed the chat page into a my application using chrome embedded framework but it doesn’t like the flash sockets.