So, my current flow is that I have the user authenticate, and it redirects me to “website.com?/#access_token=1234567890ABCDEF”. I want to be able to use the user’s ID at this site, so can I either:
A) Use the OAuth token to get back the broadcaster its tied to? (Probably not a secure idea, but I’ll still ask)
B) Have the site pass an additional parameter that is just the user ID?
I know there’s a parameter called “state” that I can specify. If I read the doc correctly, the idea is to give it some token that I made, and then have it get sent back as a security precaution. Would it be possible to use the user ID for that, or at least embed it in “state” without it being a security problem?