Adding Device Code Flow to supported Authentication flows

Today we are pleased to announce that Device Code Flow (DCF) has transitioned out of closed beta and is now generally available to all third-party developers. This is a meaningful addition to our existing authentication methods, as it enables browserless clients and clients that live on a user’s machine, such as set-top boxes, games, and Electron apps, to authenticate directly with Twitch.

What is DCF?

Device code flow (DCF) is an OAuth 2.0 authentication method designed for devices with limited user interfaces, allowing users to authorize access via a separate device and obtain access tokens for secure API interactions.

DCF supports both a public and a confidential model, giving you the flexibility to support your integration across multiple device types.

How does it work?

DCF functions in a similar manner to our current authentication model in that it provides a means for users to allow or deny an application access to their information. There are two main differences with DCF compared to other authentication methods:

  1. DCF requires a user to enter a code provided by the application to authenticate.
  2. DCF supports a public model (i.e. no client secret) and a confidential model (i.e. client secret). Which one you use will most likely depend on where your application runs (i.e. client side vs server side). The option to choose between public and confidential models has been added to the application creation process in the Twitch developer console.
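
An added example, not Twitch's code: the device-side polling loop behind the code-entry step, with the client secret sent only in the confidential model. Parameter and error names follow RFC 8628; Twitch's exact endpoints and responses are in its documentation, and the injected `post` transport, `simulated_server`, client ID and token values are constructed placeholders.

```python
import time

class DeviceFlowError(Exception):
    """The flow ended without a token (denied, expired, or unexpected reply)."""

def build_token_request(client_id, device_code, client_secret=None):
    """Form fields for one token poll. A public client sends no secret."""
    form = {
        "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
        "client_id": client_id,
        "device_code": device_code,
    }
    if client_secret is not None:  # confidential model only; keep it server side
        form["client_secret"] = client_secret
    return form

def poll_for_token(post, grant, client_id, client_secret=None,
                   sleep=time.sleep, now=time.monotonic):
    """Poll until the user approves, denies, or the device code expires."""
    interval = grant.get("interval", 5)      # RFC 8628 default when omitted
    deadline = now() + grant["expires_in"]   # never poll past the code lifetime
    form = build_token_request(client_id, grant["device_code"], client_secret)
    while now() < deadline:
        sleep(interval)
        reply = post(form)                   # post(form) -> dict, hypothetical transport
        if "access_token" in reply:
            return reply
        error = reply.get("error")
        if error == "authorization_pending":
            continue                         # user has not entered the code yet
        if error == "slow_down":
            interval += 5                    # back off as the spec requires
            continue
        raise DeviceFlowError(error or "unexpected response")
    raise DeviceFlowError("expired_token")

def simulated_server(script):
    """Constructed stand-in for the token endpoint: replays canned replies."""
    replies, seen = iter(script), []
    def post(form):
        seen.append(dict(form))              # record what the client sent
        return next(replies)
    return post, seen
```

While this loop runs, the device shows the user the `user_code` and verification address from the same grant response.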

How do I get started?

Head on over to our documentation, which will guide you through the steps needed to get up and running.