RFC 6749 compliancy


#1

Hello,

In the introduction of the document regarding " Apps & Authentication" it is said that " We use parts of the OAuth 2.0 protocol.".

I would like to know if by “use parts of” it means that :

  1. Twitch implements parts of the RFC and the implementation respects these,
  2. Twitch implements parts of the RFC with some differences

Or more basically, if I implement a client that uses OAuth 2.0 protocol as defined by the RFC6749, could my client be used to connect to Twitch ?

As far as I can tell, it seems that Twitch implements and respect sections 4.1 (for OAuth authorization code flow), 4.2 (for OAuth implicit code flow) and 4.4 (for OAuth client credentials flow) with a small difference : the optional “force_verify” parameter.

So I guess that the answer to my previous question is “yes”, but could it be confirmed .

Thank you.