So I’m working on an extension for Destiny 2 that requires authenticating the broadcaster with Bungie.net. I got an oauth flow happening through my EBS however I realized once I ran it through the developer rig, that the iframe sandboxing was blocking it.
I saw there was some whitelist settings in the extension capabilities section so I tried adding them to the panel.json config with no success. Does the developer rig even support whitelisting, or am I perhaps not setting it up correctly?
I set the panel whitelist config to “https://www.bungie.net/*”
The desired auth flow is as follows:
Broadcaster brings up config settings and clicks an “Authorize” button that can either open in a new tab/window or redirect to the Bungie authentication url.
https://www.bungie.net/en/OAuth/Authorize?client_id={client_id}&response_type=code
Once the user approves, it either redirects back to the config page or to an EBS endpoint where it completes the authentication and stores the details in the backend.
From where any extension views can poll the EBS to determine whether it has been authorized to use the broadcaster’s Bungie account.
Is this something that can be done with Twitch Extensions? Another alternative I thought of was doing the authentication with Bungie.net on my website and sending updates to the EBS from a client side app, but it’d be better if I could run the whole thing as a standlone extension.