I’m currently trying to authenticate with Twitch in a native/client app (not mobile, also cannot be executed since it’s just a hotloadable module of a system).
Since I cannot store the client_secret in the app (it’s a public client), I should be able to use PKCE, but apparently Twitch does not support that.
What is another good way to implement this with the same quality of life to the user?
Implicit flow would require some JS and complicate the local temporary webserver a lot.
Also refreshing would require user input.
It doesn’t require running a web server; your app would just need to generate a device code, tell the user to go to a link and enter it (and they can do so on any device, it doesn’t have to be the one your app is running on), and confirm the scopes and connection to your app. On your app’s side, you would just need to poll an endpoint to check if the user has authed after generating the code for them to use; if they have, you’ll get back an Access token and Refresh token to refresh client-side without needing a client secret (it does require you to create a Public app though, rather than a Confidential app).
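
The device-code flow described in the reply above, as an added example that is not part of the original thread or Twitch's own code: it follows the generic RFC 8628 polling rules and runs against a constructed in-memory server. The `post` transport, the endpoint names `device` and `token`, the `error` field name and all sample values are assumptions; a real provider's URLs and error format may differ.

```python
import time

GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628 grant type

class DeviceFlowError(Exception):
    """Terminal failure: access_denied, expired_token, or an unexpected reply."""

def device_login(post, client_id, scopes, show, sleep=time.sleep, now=time.monotonic):
    # post(endpoint, form) -> (http_status, json_dict) is a hypothetical injected
    # transport; "device" and "token" are placeholder names, not real URLs.
    status, grant = post("device", {"client_id": client_id, "scope": " ".join(scopes)})
    if status != 200:
        raise DeviceFlowError(f"device request failed: {grant}")
    show(grant["verification_uri"], grant["user_code"])  # user can open this on any device
    interval = grant.get("interval", 5)
    deadline = now() + grant["expires_in"]
    while now() < deadline:
        sleep(interval)
        status, body = post("token", {"client_id": client_id, "grant_type": GRANT,
                                      "device_code": grant["device_code"]})
        if status == 200:  # user approved: both tokens arrive, no client_secret involved
            return {k: body[k] for k in ("access_token", "refresh_token")}
        err = body.get("error")
        if err == "slow_down":
            interval += 5  # RFC 8628 section 3.5: add 5 seconds and keep polling
        elif err != "authorization_pending":
            raise DeviceFlowError(err or "unexpected token response")
    raise DeviceFlowError("expired_token")

class FakeAuthServer:
    """Constructed stand-in for the provider so the example runs offline."""
    def __init__(self, replies):
        self.replies, self.polls = list(replies), 0
    def __call__(self, endpoint, form):
        assert "client_secret" not in form  # a public client never sends a secret
        if endpoint == "device":  # constructed sample values
            return 200, {"device_code": "dev-123", "user_code": "ABCD-EFGH",
                         "verification_uri": "https://auth.example/activate",
                         "expires_in": 1800, "interval": 5}
        self.polls += 1
        return self.replies.pop(0)

def demo(replies):
    # Drives one login against the fake server and records what the user was
    # shown and how long the client waited between polls.
    waits, shown = [], []
    server = FakeAuthServer(replies)
    tokens = device_login(server, "my-public-client", ["chat:read"],
                          lambda uri, code: shown.append((uri, code)), sleep=waits.append)
    return tokens, waits, shown, server.polls
```

Store the returned refresh token with the same care as a password: for a public client it is the only credential needed to mint new access tokens.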