User login flow: https://passport.twitch.tv/integrity 400 with erc 2025

Hello,

The following 400 is received during our in game login flow.

https://passport.twitch.tv/integrity
Request Method: POST
Status Code: 400 Bad Request
Referrer Policy: no-referrer-when-downgrade
{
    "error": "Oops! We encountered an unexpected error. Please try again.",
    "errors": ["Oops! We encountered an unexpected error. Please try again."],
    "error_code": 5025,
    "error_description": "integrity failed"
}

(It used to work, this is not a new dev).
I was not able to find anything about that error code.

After comparing the network messages with a simple browser login flow, I noticed only 2 differences:

  • game browser is CEF v84 (latest chrome is 105)
  • referer is only https://www.twitch.tv on the browser flow, compared to the game flow:
Referer:
https://www.twitch.tv/login?client_id=<REDACTED>&redirect_params=client_id%3D<REDACTED>%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%26response_type%3Dcode%26scope%3Duser_read%2Bviewing_activity_read%2Buser%253Aread%253Abroadcast%2Buser%253Aedit%253Abroadcast

Any hints on the meaning of erc 5025 would be appreciated.
Please find below detailed headers.

Thanks,
Guillaume

CEF is not a supported browser

https://twitter.com/TwitchSupport/status/1575571090994102272

For this sort of operation you should open launch the “proper” web browser (allowing the user to inspect the SSL cert/etc accesing password managers etc)

Then returning to your game from the web browser passing the token into your game.

  • CEF is not a supported browser
    Do you mean CEF is explicitely forbidden by your APIs?

  • Could you provide details on the 5025 error code?
    Should we consider that as a “Browser not supported” error? Is the associated error message purposedly opaque?

Regarding the external browser launch solution, it looks like just adding friction to players.
(Password manager has added value though)

What we are considering so far -for future documentation and fellow developers -

With redirect to game client

  • I’m concerned that returning the access token back from an external browser to the game will be clunky, with behaviour such as notifications hidden/blocked by the browser “are you sure you want to invoke steam://mygame/params?XXX”
  • That’s likely not gonna work on game consoles

With redirect to game services

  • The client auth token will be exposed out of the game (in URL)
  • Try pulling token from services when focus returns to the game window
  1. I’m not staff so I cannot speak to Twitch’s API’s. I’m just another third party developer.
  2. You are not calling an API you are embedding the Twitch main website in a “not supported browser”
  3. It’s not forbidden per sae, it’s just not expected to work as Twitch doesn’t test there and/or thinks the browser is a bot or something. Short of the “bad security for users” standpoint.

If login doesn’t work for some reason (unexpected error) then it’s likely a browser not supported/blocked issue.

Speculation: yes

perhaps but is more secure and trustworthy by users

If you launch an external browser, the likely hood is that the user is already logged into Twitch.

So if you launch an external bnrowser the user clicks one button (it not prior authed)
Then come back to the game

otherwise

If your embed the Twitch website.
The user has to login
Find their password from their password manager
Then two FA in
Then click the accept dialog
Then come back to the game

Not too much you can do that especially with the recent supported browser changes

I can think of a number of ways to bypass that paticular invoke issue.

sadly yeah, you’d have to auth to your own system. and link Twitch to your account system. Which is usually what the bigger guys do (especially if running Twitch drops for inventory unlocks for example)

But if you are read only then you just need the channel name. Not a full token. So do you really need a token if you are only reading chat spam messages? (Yeah this depends on the use case)

i have a similar problem using the chrome browser

For help and support with the chrome browser and using the Twitch website please contact Twitch Support not the third party developers forum. You are in the wrong place - https://help.twitch.tv/

This topic was automatically closed after 30 days. New replies are no longer allowed.