Read the developer Notes // still stuck


Hi Guys,

Sorry first time trying this, and I’ve been slaving at it for a couple hours now.
I used this website
For the foundation of building it, it redirects, and I get access for the accounts that just got in if I go to the (privacy settings on accounts I tested).

However, I’m stuck as to how to access the data from the users on my website? When I console.log
(req.session && req.session.passport && req.session.user)
Those different sections in the failed redirect, only the req.session contains any data, which is:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true },
'': { state: '*******' } } //blurred out state as I’m unsure what this is

Am I approaching this the right way? I read over the developer notes, and none seem to take this approach. However, I’m not fully understanding the developer notes in terms of steps (it recommends using GET and the long URL, but I have no idea how to approach that situation), because wouldn’t the GET be pointed to your localhost ('/') and not the website?

Sorry if this is unclear, any help would be greatly appreciated.


Fairly sure that passport strategy is out of date for changes made to how Twitch Auth works, but I could be wrong, I don’t use it myself.

The docs cover how to perform authentication.

It doesn’t give an opinion on how to session manage or which language to use. (Passport Twitch provides an opinion)

Twitch Auth uses “standard” oAuth that you would find on many sites that authenticate via a third party

State normally acts as a nonce, a “single use” session token to prevent CSRF attacks.

As per this (after a google for “passportjs get user from session”)

The user is in res.user

Sure it’s one approach

A common misread of the Documentation/lack of understanding of oAuth

Step 1) Perform a GET redirect (not a POST redirect) to Twitch
Step 2) Check if a code is present in the query string after returning to your callback
Step 3) Perform a server to server POST request to exchange the code for an access token.

Finally I checked the default installed for passport-twitch is for an unmaintained version. A more up to date version is here

which itself hasn’t been updated since March last year

OAuth2Strategy doesnt provide email in user profile
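
The three steps and the state check described in the reply above, as an added example that is not part of the original posts and is not passport-twitch code. The function names, the `session.oauthState` field and the client values are assumptions made for illustration; the two URLs are Twitch's OAuth endpoints.

```javascript
// Added example: state handling for the three steps, with no web framework involved.
const nodeCrypto = require("crypto");

const AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize";
const TOKEN_URL = "https://id.twitch.tv/oauth2/token";

// Step 1: build the URL the browser is sent to with a GET redirect.
function buildAuthorizeUrl(session, cfg) {
  // Unguessable value, generated per login attempt and kept server-side.
  session.oauthState = nodeCrypto.randomBytes(16).toString("hex");
  const q = new URLSearchParams({
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    response_type: "code",
    scope: cfg.scope,
    state: session.oauthState,
  });
  return `${AUTHORIZE_URL}?${q}`;
}

// Step 2: on the callback, verify state first, then read the code from the query string.
function readCallback(session, query) {
  const expected = session.oauthState;
  delete session.oauthState; // single use: a replayed callback is rejected
  if (typeof expected !== "string" || typeof query.state !== "string") return null;
  const a = Buffer.from(expected);
  const b = Buffer.from(query.state);
  if (a.length !== b.length || !nodeCrypto.timingSafeEqual(a, b)) return null;
  return typeof query.code === "string" && query.code ? query.code : null;
}

// Step 3: describe the server-to-server POST that exchanges the code for a token.
function buildTokenRequest(code, cfg) {
  return {
    method: "POST",
    url: TOKEN_URL,
    body: new URLSearchParams({
      client_id: cfg.clientId,
      client_secret: cfg.clientSecret, // stays on the server, never in the redirect
      code,
      grant_type: "authorization_code",
      redirect_uri: cfg.redirectUri,
    }).toString(),
  };
}
```

A callback whose `state` does not match the value stored in the session yields `null`, so the code is never exchanged for that request.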

Thank you for the detailed response I appreciate it. Will be going through this now.


Okay, I managed to get this working, implementing a lot of what you said.

So I get the JSON object returned, and that’s all fine and dandy. Is there a simple way with this strategy that I am able to implement a quick line of code to find out what their tier of subscriber status to my channel is and add that to the JSON object?


Subscriptions api is documented here