It’d be great if someone could confirm that what I’m doing is correct. I’m trying to figure out how to get the Twitch username of viewers to my backend service.
I can see that in this case the auth object contains a property userId. Is this property guaranteed to exist and be in the format U######## if the Twitch user is logged in?
Am I right in my understanding that I can send this userId to my backend service, which could then query the Twitch API at the Get User by ID endpoint to retrieve the username from that user ID?
Are there any extra permissions that need to be granted from the viewer for my extension to retrieve their username in this way?
Follow up question: does this mean there isn’t anything protecting logged-in viewers from having their IP exposed? Since viewers hit backend services directly and those services have access to their username, what is stopping any extension from building tables of username → IP associations? Are extensions disabled by default per channel and require viewers to opt-in?
EDIT: Seems that viewers have to explicitly grant extensions the permission to see their user ID. See here:
Im trying to figure out how to get the “real” userId.
I do have granted the permission to see the user ID but the userId i get back from onAuthorized is UXXXXXXXXXXXX where X is not numeric (not a valid twitch id then) .
window.Twitch.ext.onAuthorized(
function(auth){
var parts=auth.token.split(".");
var payload=JSON.parse(window.atob(parts[1]));
if (payload.user_id) {
// user has granted
jQuery.get('https://api.twitch.tv/kraken/users/' + payload.user_id, <etc>
} else {
// user has NOT granted
}
}
);
And do the Twitch Lookup if I don’t have a recent username cached. As well as return other user information, but different things for differnet use cases/extensions
I did, here is the code I added - what is wrong with it?
window.Twitch.ext.onAuthorized(function(auth) {
console.log(‘The JWT that will be passed to the EBS is’, auth.token);
console.log(‘The channel ID is’, auth.channelId);
console.log(auth);
var parts=auth.token.split(".");
var payload=JSON.parse(window.atob(parts[1]));
if (payload.user_id) {
// user has granted
$.ajax({
url: 'https://api.twitch.tv/kraken/users/' + payload.user_id + "?client-id=2wo1au2eakivi3mww1cmjts5eraj2p",
method: "get",
headers: {
"Client-ID":"2wo1au2eakivi3mww1cmjts5eraj2p"
},
success: function(data){
console.log(data);
}
});
} else {
// user has NOT granted
}
When provided as a querystring param it’s client_id, not client-id.
Also, the documentation for the API reference is actually pretty good (some of the non-reference pages could use quite a bit of work), it’s just that you’re using the client id in a querystring param when all the examples for almost all endpoints show to use a header (and once v5 is removed and you need to use Helix, providing it in a header is the only way)
Great! Ended up getting it. It was a little unclear about having the client id as header from the docs. I guess I was just going in circles with the API docs because of this transition of v5 to current. A lot of other links were dead ends so it was very frustrating.
Anyway, here is what I ended up with, makes a ton of sense now: