Scope for just username?

Hey all,

First of all let me apologize as I’m relatively new to Oauth and web development in general. I have used a library to generate an authentication service with twitch for my webapp, and all is working great.

The only problem is currently I pass nothing for the ‘scope’ parameter of my API request, and it is requesting email and stream key in the authorization of the login. A lot of my users would definitely be uncomfortable allowing me access to certain things, so I wondered if there was one that literally just got me the username (and obviously the ability to authenticate)?

I don’t need anything else, email isn’t important to me and I think the users would be more comfortable if I didn’t request it. Is this possible? Thanks so much!

Also, here is the library I’m using; After reading the first reply I’m assuming it’s actually hitting something that it shouldn’t be based on my empty scope parameter: GitHub - if there is a line in this that I could change to only request the username, i’d be happy to make a fork and do so.

Just authenticate with no scopes specified (leave it blank, or just omit the “scope=” from your authentication URL, as I know it’s possible) and hit the https://api.twitch.tv/kraken/ endpoint with the OAuth token, there’s a value for just the username (token.user_name).

Thanks! I will play with it. I may have to fork the library im using (here) to not request stream key by default. If you disagree, please let me know

Looks to me that instead of doing this:

var scope = ['user_read', 'user_blocks_read', 'user_subscriptions']; Meteor.loginWithTwitch({requestPermissions: scope}, function (err) { if (err) console.log('login failed: ' + err) });

You can do this:

var scope = []; Meteor.loginWithTwitch({requestPermissions: scope}, function (err) { if (err) console.log('login failed: ' + err) });

Basically, instead of omitting scopes completely, you can pass an empty array.

1 Like

— See below —

So I attempted this and it’s still requesting the email address of the user (but not the stream key thankfully). It may not be possible to not request the email?

Ah, my bad. I didn’t see this one at first: https://github.com/AlexBeauchemin/meteor-accounts-twitch/blob/master/accounts-twitch-client.js#L20

I suppose you do have to fork it, as it forces user_read regardless.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.