OAuth sanity check

I need a sanity check.

I have been working on my site, which uses Twitch for logins. Part of the site is also supposed to be able to chat as a logged-in user. I can log into the site using the login URL that I have:

https://id.twitch.tv/oauth2/authorize?response_type=code&client_id=\&redirect_uri=<REDIRECTURL>&scope=openid+bits:read+clips:edit+user:edit:broadcast+user:read:broadcast+user:read:email+channel_check_subscription+channel_commercial+channel_editor+channel_read+channel_subscriptions+collections_edit+chat:edit+user_read+user_subscriptions+viewing_activity_read

(I am aware that I am asking for a lot of scopes. Working on that.)

Considering that, as I have chat:edit, I SHOULD be able to chat as that user, yes? Do I have to use the implicit auth flow somewhere as well? Any time that I try to chat using oauth:<access_token> that I get from Twitch, the code I want to use to chat doesn’t work, but using a code from Twitch Chat Password Generator (which uses the implicit flow) works.

As per the scopes documented here

chat:edit is correct, for sending.

But that is way way way too many scopes… What are you building, a competitor to the Twitch Dashboard? :stuck_out_tongue:

In addition, you might want to look at just embedded chat instead of going OAuth. As documented:

You probably don’t need the chat OAuth scopes at all.

Thanks for the sanity check.

As for what I am doing, I am attempting to build a “program your own bot” site.

Respond to many different inputs and use many different outputs, from chatting in the channel to changing the title.

Example: Mod drops a strawpoll in the chat. The bot picks it up, reposts it every so often, and after a period of time, announces the winner. The title and/or game is then changed to reflect the results.

I originally looked at the list and added what I wanted to eventually add (bit off more than I could chew), but for now I am going to trim it down and just try to get what I can working, then add as I build up.

Keep in mind it looks like you are using the old way of authenticating. V5 API is now deprecated.

Looking at the API, it doesn't appear as if the new API has anything like the openid from the V5. What do I use instead? Do I just go with something like chat:edit and assume that, because I have edit permissions, it is a logged-in user? It makes logical sense, but it feels less secure than specifying openid.

So, after some digging, I literally just took what twitchapps.com did for scopes (minus the deprecated one) and added them to mine after removing currently unimplemented scopes. Current scopes:
"scope=openid+user:read:email+chat:read+chat:edit+channel:moderate". I am now able to use the key that I get from Twitch to chat in chat.

No, he’s just used some scopes for v3/v5, which isn’t going away anytime soon as the Kraken removal date is no more.

OpenID is an authentication method; it belongs to neither v3, v5 nor Helix.

That's why I linked to the scopes list here

So you can pick and choose more succinctly
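The trimmed scope request from this thread, as an added example that is not code from any poster or from Twitch: it builds the authorize URL with the final scope list plus a CSRF `state` value, then refuses to produce the `oauth:<access_token>` chat password unless the token response actually carries the chat scopes. The function names, the sample client id and redirect URI, and the choice of `chat:read` plus `chat:edit` as the required set are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode

AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize"

# Scope list the thread ended up with.
REQUESTED_SCOPES = ["openid", "user:read:email", "chat:read",
                    "chat:edit", "channel:moderate"]
# Assumption: this site's policy for what a token must hold before chatting.
CHAT_REQUIRED = {"chat:read", "chat:edit"}


def build_authorize_url(client_id, redirect_uri, scopes=REQUESTED_SCOPES):
    """Return (url, state). Store state in the user's session for the callback."""
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # urlencode turns the spaces into '+'
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def state_matches(expected, received):
    """Constant-time comparison of the callback's state with the stored one."""
    return bool(expected) and bool(received) and hmac.compare_digest(expected, received)


def missing_chat_scopes(token_response):
    """List the required chat scopes absent from a token response."""
    granted = token_response.get("scope") or []
    if isinstance(granted, str):  # tolerate a space-separated string
        granted = granted.split()
    return sorted(CHAT_REQUIRED - set(granted))


def irc_pass_line(token_response):
    """Build the chat password line, failing closed if scopes are missing."""
    missing = missing_chat_scopes(token_response)
    if missing:
        raise PermissionError("token lacks chat scopes: " + ", ".join(missing))
    return "PASS oauth:" + token_response["access_token"]
```

Checking the granted scopes before connecting turns a silent chat login failure into an explicit error that names the missing scope.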
