I made a little CRUD web app in Polymer/LitElement for a chatbot that I created. The bot has a number of commands, and I thought it would be cool to have a little GUI where you can update/add/delete commands.
So far so good. I’m trying to secure the site by making the user log in via Twitch, and making an API call to see if the user is a mod or not. If the user is a mod, they will be able to update/add/delete commands; if not, they won’t.
I’ve been looking at this: https://github.com/twitchdev/authentication-samples/tree/master/node
and played around with it a little bit, but I’m not entirely sure how to implement it in my app.
So what I have is a Polymer frontend and an Express server. I’ve implemented the code above into my own project, added my client ID etc., and it works fine: if I go to localhost:3000/auth, I get to see the ‘connect to twitch button’. If I click it, it redirects me to the Twitch login page, and after success it redirects me back to ‘/’.
I’ve implemented the code to check if the user is a mod as well. I tried to save that data to a session by doing:
req.session.ismod = true;
But then if I request my /api/commands endpoint (which requires the user to be a mod) from my frontend, and console log ‘req.session.ismod’, it’s undefined.
I’m fairly new to authentication/session stuff, but I’m hoping someone with more experience could show me the ropes a little bit and hopefully point me in the right direction.