Distributed Desktop application oAuth2


I’m developing a simple desktop application that I would like to distribute for others to download but I’ve hit a bit of roadblock with oAuth.

I’ve considered several approaches here that have problems:

  • I cannot use a custom protocol in the redirect URI that the app can then capture because twitch only allows http.
  • I cannot just set the redirect URI to localhost:port because if I were to distribute my application I would have no guarantee of the port the application was running on.
  • I cannot use the OAuth2 Device Flow because twitch does not currently support it, or at least there is no documentation confirming support.

My question is, is there a secure way to authenticate using an OAuth2 flow without having to use a remote web server that provides an appropriate redirect URI? Seems like a lot of trouble for something quite trivial.

I’ve read elsewhere on the forum about a method of capturing the url in the browser and sending this your local client but I’m not really understanding it properly. Doesn’t the redirect uri parameter still need to be something valid regardless?

Would appreciate any advice.

Three solutions:

  1. Run oAuth via a server and the server redirects to your custom URI as needed
  2. With Electron you can monitor the URL’s a popup is loading intercept and shutdown the popup window
  3. Use an accounts system, so people link Twitch/their account somewhere else and your app uses your account system to login and fetch the Twitch link data

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.