Device Code Flow documentation fixes

Just wanted to point out some things to fix in the authentication documentation for the device code flow (DCF) specifically:

  1. For the “Obtaining the refresh token/access token pair” section here, it says the grant_type must be set to device_code, but that’s incorrect, it needs to be set to urn:ietf:params:oauth:grant-type:device_code like in the curl code example right below that

  2. In the Refreshing Access Tokens documentation, client_secret is marked as required. However, if using a refresh token from DCF, client_secret is not required, so there should be some clarifcation there specifically for DCF.

  3. This is more of a question of how redirects should work in DCF. In the Twitch dev console, an OAuth Redirect URL is required for a developer app. However, this doesn’t seem to be used at all in the DCF, instead users are redirected to https://www.twitch.tv/settings/connections after authorization. Is this how it’s meant to work? Because it would be nice to instead redirect to a URL on my website that simply says something along the lines of “Authentication Successful! Please return to your device.” or even some kind onboarding page for next steps after authentication.

1 Like

Most of these are known/pending iirc

Documentation issues can/should be filed on Issues · twitchdev/issues · GitHub

If the users clicks “don’t auth” they get sent there

and/or if you are using the clientID for “regular” auth it’s used.

Otherwise on DCF success it’s sent to the Twitch connections page, which last I checked didn’t show a useful “yay” message.

Conceputally for DCF there isn’t a webpage for most developers to go to for your own messaging so shrug not sure 100% meself

1 Like

thanks, I’ll create these as issues on that github

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.