Hi,
I use passport OAuth2Strategy authentication in our application for twitch users login.
But user profile doesn’t contain email address info.
I was reading through forums and I make you sure I verified my email address(test twitch account).
Could somebody help?
Thank you
As in Node JS Passport Strategy?
You may wish to refer to this post
Fairly sure that passport strategy is out of date for changes made to how Twitch Auth works, but I could be wrong, I don’t use it myself.
The docs cover how to perform authentication.
It doesn’t give an opinion on how to session manage or which language to use. (Passport Twitch provides an opinion)
Twitch Auth uses “standard” oAuth that you would find on many sites that authenticate via a third party
State normally acts as a nonce, a “single use” session token to prevent CSRF attacks.
As …
Where I covered the issue more extensivly
WLG3R
October 4, 2019, 2:01am
3
I just did a test. The https://id.twitch.tv/oauth2/userinfo endpoint does NOT show email address. You will need to call to the Kraken or Helix API with the correct scope to get the email. So even if you make an updated passport strategy, it won’t pull email.
EDIT: See Barry’s Response. I was just checking an auth token with and without. I didn’t add scopes to the token request.
Hi Both, thanks for help. I found out what was the cause of this issue.
in the example I used https://github.com/twitchdev/authentication-samples/blob/master/node/index.js
the request was done to https://api.twitch.tv/helix/users and this is twitch new API.
But in the example they specify scope user_read and this is twitch API v5.
So I tried to set scope to user:read:email and it deliveres then email address.
passport.use(‘twitch’, new OAuth2Strategy({
authorizationURL: ‘https://id.twitch.tv/oauth2/authorize ’,
tokenURL: ‘https://id.twitch.tv/oauth2/token ’,
clientID: config.twitch.twitch_client_id,
clientSecret: config.twitch.twitch_secret,
callbackURL: config.twitch.callback_url,
state: true,
scope: ‘user:read:email’,
passReqToCallback: true,
}
THIS INFORMATION IS WRONG
It will if you make the correct claims under openID auth
You don’t need to do that. Please refer to the claims section of OIDC
I construct the following URL to redirect people to:
var url = oidc_data.authorization_endpoint
+ '?client_id=' + client
+ '&redirect_uri=' + redirect
+ '&response_type=code'
+ '&force_verify=true'
+ '&scope=openid'
+ '&state=' + encodeURIComponent(req.session.state)
+ '&claims=' + JSON.stringify({
userinfo: {
email:null,
email_verified:null,
picture:null,
preferred_username:null
}
});
Where oidc_data
is fetched from https://id.twitch.tv/oauth2/.well-known/openid-configuration
Making a call to oidc_data.userinfo_endpoint
I get:
system
Closed
November 3, 2019, 2:37pm
6
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.