Oauth2: twitch.tv/login vs passport.twitch.tv/sessions/new


#1

Hello,

I’m trying to debug an app I didn’t write… and I don’t have that much experience. I have a production version of the app running fine, and i’m trying to run a test version on a different server.

The problem lies with the authorization process.

Here’s the issue as far as I can tell: upon providing the authorizaion url (starting with https://id.twitch.tv/oauth2/authorize), in case no Twitch user is logged in, the browser loads…

The app is made to work with passport.twitch.tv/sessions/new, not the other url. but I can hardly find any reference to it out there?.. except I read somewhere it’s an undocumented endpoint?

Why would the same auth url load different pages during the auth process?

Is it good practice to use passport.twitch.tv/sessions/new at all?


#2

You shouldn’t need to touch any Login page as it’s completely out of your control.

The auth process involves sending the user to https://id.twitch.tv/oauth2/authorize with all the params for your app. If the user isn’t logged in to Twitch then that is handled on Twitch’s side of things as the user is on Twitch’s site, your app shouldn’t be interfering with that login process in any way.

When the user accepts/denies connecting their account to your app they’ll be redirected to your redirect url, and it’s at that point your app should complete the auth process. What happens between sending the user to Twitch, and them being redirected back to you, is completely out of your control.


#3

Hmmm I definitely need to look into this more in depth. Thanks for your reply.