Device Code Flow documentation fixes

Just wanted to point out some things to fix in the authentication documentation for the device code flow (DCF) specifically:

  1. For the “Obtaining the refresh token/access token pair” section here, it says the grant_type must be set to device_code, but that’s incorrect, it needs to be set to urn:ietf:params:oauth:grant-type:device_code like in the curl code example right below that

  2. In the Refreshing Access Tokens documentation, client_secret is marked as required. However, if using a refresh token from DCF, client_secret is not required, so there should be some clarifcation there specifically for DCF.

  3. This is more of a question of how redirects should work in DCF. In the Twitch dev console, an OAuth Redirect URL is required for a developer app. However, this doesn’t seem to be used at all in the DCF, instead users are redirected to after authorization. Is this how it’s meant to work? Because it would be nice to instead redirect to a URL on my website that simply says something along the lines of “Authentication Successful! Please return to your device.” or even some kind onboarding page for next steps after authentication.

1 Like

Most of these are known/pending iirc

Documentation issues can/should be filed on Issues · twitchdev/issues · GitHub

If the users clicks “don’t auth” they get sent there

and/or if you are using the clientID for “regular” auth it’s used.

Otherwise on DCF success it’s sent to the Twitch connections page, which last I checked didn’t show a useful “yay” message.

Conceputally for DCF there isn’t a webpage for most developers to go to for your own messaging so shrug not sure 100% meself

1 Like

thanks, I’ll create these as issues on that github

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.