Get info about auth origin

I’m working on a Minecraft plugin where I’m implementing Twitch Authentication.
I’ve done the redirect to Twitch part, using this URL:

https://id.twitch.tv/oauth2/authorize?
client_id=<TWITCH APP ID>
&redirect_uri=http://localhost
&response_type=code
&scope=channel_check_subscription+user_read+user_subscriptions+channel_subscriptions
&force_verify=true

Everything goes well, and I’m being redirected to this

http://localhost/?code=<TWITCH OAUTH CODE>
&scope=channel_check_subscription+user_read+user_subscriptions+channel_subscriptions

Now I need to store this code in a Database and associate it with the account from which that code has been generated, so they can use the Twitch API from MC directly. How can I do that? If I pass a random code that identifies the user, than Twitch complains about the potentially insecure host for the redirect uri, so is there some code or some way to get some information back or let Twitch now that URLs like http://localhost/a_random_code are safe?

EDIT: Nevermind, I found out the state parameter. I would delete this post but it doesn’t let me do that

You also need to do step three of oAuth, exchange the code for an access token.

And then you use and store that

The code is useless other than to exchange for an access token.

Ok, so I got the authorization token, but now what other info do I need to store in order to make requests after some time? Because the token will expire after some time, and if I try to make an API request with that token it says is expired, so I need a new auth token, but I don’t want the user to login again

When you exchange the code for an Access Token, you also get a Refresh Token that can be used to generate new keys when the old ones expire. You can do this without any user interaction, and can find the process to do this explained in the docs: https://dev.twitch.tv/docs/authentication#refreshing-access-tokens

Aaaah I see, so to be always sure I get a valid access token I could do something like this:
Save the tokens on DB
Make a request to twitch api
If request returns unauthorized I get the new tokens and retry the request

Is it correct or do I need some other steps?

You could do that, or you could store the token expiration and then periodically check your database for tokens that are near expiration and generate a new one before they expire so that way you should not get an unauthorized request in the first place.

It’s also worth being aware that if the refresh process fails it likely means that the user has disconnected their account from your app, so you would need to send them through the login process again if they return.

Understand, thank you for your answer One last thing: how do I check if a user is subscribed to a channel? Because I tried the V5 endpoint but i get the 410 response, and I can’t find an alternative in the new API

If you’re getting a 410 response it’s likely because you’re not sending the Accept: application/vnd.twitchtv.v5+json header. Kraken defaults to v3, which has now been removed, so unless you use that header to specify v5 you’ll just get that 410 error.

Also, Helix has the Get Broadcaster Subscriptions endpoint: https://dev.twitch.tv/docs/api/reference#get-broadcaster-subscriptions so if you have the appropriate scope from the channel you can see if a user is subscribed to them.

Aaaaah thank you, now it’s working. Anyway I’ve seen the Helix endpoint, but it’s the opposite case I need. That returns all the users that are subscribed to a particular channel, while I need to check the reverse, so if a user is subscribed to a particular channel (like the v5 endpoint does)

Ah okay, yeah there it’s not possible in Helix to see which channels a user is subscribed to, and we don’t currently know if Twitch even intends to implement that in Helix, so you’re limited to v5 for the time being.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.