Using the implicit auth flow with a static single-page app

I have a single-page app that’s written in rust and served from github pages or bundled as a native executable using web-view.

My app requires the client to log in with twitch but I’m facing an issue with the implicit auth flow - namely the way the api works (using redirect urls) can’t work for my app when it’s packaged into a native binary (no web server involved in both cases) and possibly for the case where I serve my app as separate files (still statically) using github pages.

How do I get around this?
If I recall correctly what chatterino does to get around this is have a separate web service that uses the implicit auth flow and serves a page with the client id & secret for the user to copy, and then the native app can extract the relevant values from the clipboard.

The main caveat with the approach I detailed above is that sensitive values can be shown on stream by mistake.
Is that my only option or am I missing something?

With your native executeable can you do something like Electron does to register a HTTP Protocol/custom URI handler to intercept

Thanks for the answer!

I guess that could work for the native case, and then for the web case I might be able to get away with setting my github pages url as the redirect url and parsing document.location.search.

EDIT: after some research I think a custom protocol handler is a bit overkill for my needs, since I’ll only be using it for the login redirect.
Although since my app is a music player I might consider having a custom protocol to open songs directly in the native wrapper, that could be interesting.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.