App authentication on order to get access_token

I have a chat bot written in .NET/C#, it doesn’t use web browser and all communication is done via Twitch API. I decided to add functionality for setting stream title and game. This requires authentication and and corresponding scope usage (channel_editor).
I have client_id, client_secret, OAuth token. Also bot is set as moderator on my channel, but it still needs to be authenticated in order to get access_token which is required for “PUT /channels/:channel/”.

There’s no need in authentication for data read, in some cases OAuth may be required. But in this case it intends to update channel data. When I try to get access_token I’m redirected to app authentication page instead of being redirected to page with code (https://[your registered redirect URI]/?code=[CODE]). But I cannot authorize it because I see this page only in httpWebResponse as byte array.

So here is how I do it [Authorization Code Flow]:
String.Format(“{0}&redirect_uri={1}&scope=channel_editor&state={2}”, CLIENT_ID, REDIRECT_URI, OAUTH_TOKEN);
var httpWebRequest = (HttpWebRequest)WebRequest.Create(url);
httpWebRequest.AllowAutoRedirect = true;
httpWebRequest.Method = “GET”;
using (var httpWebResponse = (HttpWebResponse)httpWebRequest.GetResponse())
//response URL is expected here

I also tried Implicit Grant Flow, but result is the same. Bot needs authentication.

Is there any way to get access_token in order to set stream title and game? Or what am I doing wrong?

There’s no way around the browser requirement, but you can get a token outside of the bot and then place it in its configs/settings/whatever. One option would be to make a website to handle the authorization, which would then send the token to the bot automatically.

I tried to retrieve token in the browser and save it (let’s say in DB). But it seems that this token expires after one usage in any web request. Because next request demands new token or authentication.

Twitch oauth tokens do not expire.

Sounds like you are storing/recalling the code instead of the access token.

The code can be redeemed for an access token once.

You should then store the access token and use that for subsequent requests.

Auth flow is:

  • Generate Auth URL
  • Redirect User to Twitch
  • Twitch returns to callback url with code
  • Exchange code for access token
  • Store and use access token

Oh, it seems I understood what I was doing wrong. I need to go through the flow as described for “Authorization Code Flow” up to the step with the following response:

“access_token”: “[user access token]”,
“scope”:[array of requested scopes]

And use this access_token in PUT request scenario for setting channel title. And this is the token which doesn’t expire as 3ventic said. Am I right?

Thank you for detailed explanation.

You got it :slight_smile:

The returned access_token is what you use in the PUT Request

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.