I am building a mobile app and do not have a web server backend. I was going to use Oauth password authentication, but Twitch appears to block it on a case by case basis. When I try to authenticate, I get “Password grant not permitted for client ID”.
Since I don’t have a web server to redirect to, and since Twitch doesn’t allow redirecting to a non-http URI scheme, is it possible to get whitelisted to be able to use Password Grant? Who do I need to contact at Twitch to do so?
Twitch discontinued the Password Grant Flow, so unfortunately they will not grant any additional applications access.
As for how to go about implementing authentication on a mobile device, you would probably need to launch a local, high-port web server on the mobile device, as Twitch doesn’t support non-http(s) URI schemes that mobile devices support.
You could then configure a redirect to http://127.0.0.1 on whatever port you’ve bound to in order to grab the access code and request a token.
@gareth, if you’re referring to presentLoginViewForClientID:redirectURI:, this seems to have the same problem in that it requires a redirectURI. More importantly, it seems to be completely broken. I tried it and got error 500 passing my username for the Client ID and http://localhost, or any other address, as the redirectURI; never even got the Twitch logon.
@george, I’ll take a look…any frameworks you recommend to do this on iOS?
If it says “?code=” then that is not the final token (authorization code flow). If it says “#access_token=” then that is the final token (implicit flow).
@Praxis I believe you don’t understand how this works. You can set any URL as the redirect URL, as long as you set the exact same URL in your clientid settings as the APP. Then when you are redirected to that URL (on the client side) you read the authtoken out of the URL and fail the redirection. This is how OAuth based authentication is done industry wide.