How to add "users" to your bot?

Hello :slight_smile:

I have created a bot who works just fine. It’s an Overwatch assistant to check identity of players who participate to contests organised by streamers directly in Twitch chat.

It’s working like a charm on my account, now I would like to “add users” to this bot but I do not know how to enable this bot to others and add the bot to their channel.

I use tmi.js to make this work and I can see a “channels” in the settings.
I went to an idea : do I need to code a frontend to get users oauth-token and store it in a database of users (streamers here)?

I found many tutorials to code and deploy, but I can’t find examples to allow new users to use your bot.

Thank you and have a great day!

The bot sends /join #channelname it’s then in that channel. So you need to figure out how/the best way for you to instruct your bot to do that

Correct. That is what I would build and have built.

Some people will use a web panel to allow people to login and add a bot.
Other people will let the bot be in the bots own channel, and casters can use !join to make the bot join their own channel.

I prefer the web panel approach since I have other bot controls in the same panel and need oauth permissions for various other things tied to the bot.

The bot at boot can load the channels to join from storage and away you go.
The bot will also need a way to be communciated with to join new channels without fully restarting the bot each time to add a new channel.

1 Like

Thank you to your quick response!

The bot sends /join #channelname it’s then in that channel. So you need to figure out how/the best way for you to instruct your bot to do that

The tmi.js seems to handle the login for me :slight_smile: you can see below the behaviour of the channels key detailed in their documentation.

Channels to automatically join upon connecting. The rate of joins is controlled by the options.joinInterval option

Therefore I think I will proceed like so :slight_smile: Fetch the array of channels I would have stored in db and pass to the bot at startup. I will follow your advice and build a small frontend.

Currently if I add a streamer channel name to this array, he/she can use my bot in chat.
But I can’t see why I do need user’s oauth token to run the bot ?

But that only handles joins at startup, not whilst the bot is running.

You don’t want to have to restart the whole bot every time someone new signs up to use your bot.

You might want to use the API for subscriber status, or the dashboard panel be used by moderators, so you’d need the broadcasters token to get moderator status from the API.

Or use EventSub to get stream online/offline status sent to your system automatically (for !uptime commands for example, why do an API call to get stream status if you already have the start time in your DB) and make the EventSub cost be 0.

Otherwise you are limited to 10k subscriptions. on eventsub, but auth’ed subscriptions are cost 0.

1 Like

Omg you are incredibly fast :grinning_face_with_smiling_eyes:

Okay if I understand well, my script is working fine as long as it does not crash or as long I don’t need to add someone else. So to add dynamically users, I do need to build an express server with a POST endpoint like

So I have to create an application

To sum up

  1. Build a basic front-end with auth (connected with Twitch API to get user’s access_token).
  2. Store user’s oauth token in database and allow dashboard to streamer and moderators.
  3. Add a classic button in dashboard to call the POST /join endpoint on server express (aka the bot) to add the bot to the streamer channel.
  4. Add another classic button in dashboard to call a to make the bot leave the channel.

Am I right ?

Another question : as I’m working on a Twitch bot, do I have to use a realtime database (like Firebase), or a classic sql is enough ?

I went looking EventSub documentation and I think I will try to connect with websockets but as I don’t really need to be aware if the stream has started or not, I won’t do it in this first step.

Yeah I keep the forum open most of the time I’m in front of my computer

You didn’t already? (An Application being a set of ClientID and secrets used to generate tokens so your bot can login to chat in the first place :stuck_out_tongue: )

How does your bot login to chat then?
Are you using a third party third party token generator…

Yup sounds correct and is not dissimilar from what I do.

Either or work I know people ahve used either.
I prefer MySQL myself over something like firebase

EventSub doesn’t support websockets, yet.
So you’d be using “traditional” webhook style HTTP Post.

But the same express server you create for people to login to your dashboard with, can be used to handle EventSub messages.

Hello :smiley:

I went with Firebase for multiple reasons (but for discovery purpose mainly).
I managed to fetch my “streamers” collection when the bot start, I also made a specific account to my bot. I added a route /join an channel and another one /part to make the bot leave a channel and seems to work properly.

I’m just having some trouble to the connection because I get a permission error when I try to ban someone:

[16:58] info: [#carbow] You don't have permission to perform that action.
Error banning azehoss00313: no_permission

I went by the to grab my access_token and select the scope channel:moderate.
I tryied to fetch programmatically my access_token with OAuth client credentials flow but for some reasons I didn’t managed to pass the token to my client yet because of some bugs.

Do I have to use OAuth client credentials flow when bot login ? or can I pass manually the token in an .env file ? Which scope allow me to ban some ppl if it’s not channel:moderate (Perform moderation actions in a channel. The user requesting the scope must be a moderator in the channel)?

No. You must use a user token

When the token expries you’ll need to use the refresh token to get a new token.
So .env might not be practical since the key will change periodicailly.

Sure use .env for ClientID and Secret (since you need the secret to run refreshs)

But the actual token/refresh token probably does work well in .env as it changes

This will give you a useless user token. As when the user token dies you’ll have to manually give it a new token

You should create your own oAuth flow using your own ClientID. And then seed the bot with a user token/refresh token.

I touched on that here. You really shouldn’t be using someone elses generator for your own tools. If that ClientID gets revoked all your stuff dies

This is the wrong kind of token for a chat bot.
As A Client Creds token does not represent a user.

channel:moderate is the required scope, this lets this key be able to send /ban
However the account will also need to be a mod on the channel you are trying to perfrom moderation actions on.

This indicates that your bot user account is not a mod on carbow
And/or the User Token used omits the channel:moderate scope.

That is the part when my brain is breaking down haha

I’ve made a bot (which is an app technically) but act like a user and has the same auth code flow as a user. I’ve already implemented the OAuth Authorization code flow but with this GET http call (from the bot) but I get redirected and can not grab the access_token which is in url and it’s not in response body.

So I guess I have to

  1. make a front-end
  2. auth the user from the front-end with OAuth authorization code flow (wich is a HTTP GET call) and get redirected to the front-end (I do not know how to grab the token from url in the backend otherwise…).
  3. The user click to a basic button to add the bot to his channel, making a call to my backend /join.
  4. On the join I send this specific token generated by the user in the front to the back-end (bot) and create a client with this token for each user who is signing ?

Okay I won’t use this anymore, thank you

An “app” is the program in your wording, it would seem.
The program will connect to chat as a user.
So it uses a user token, since it needs to operate as a user.

The App Access Token is only useful for accessing public data and cannot be used to write. (Using chat is write)

You used implicit auth instead of regular code auth.
Should be using the latter for most applications/programs.

Are we talking about getting the bot auth token.
Or the flow to let users sign up to use your bot.

This looks like the latter.

Either way:

  1. Create a web page that has a <a href=""> link to Twitch oAuth
  2. User clicks that link
  3. The accept (or decline) the link
  4. They come back to your website with a ?code
  5. Back end grabs the ?code and exchanges it for a token and refresh token.
  6. User is now logged into your website essentially.


Since your bot is logging into chat as the bot and not as every other user

The chat join command doesn’t need the token just the user name.

Bot logged in as fred
Alice logs into your website and hits the join button
Website tells bot to do a thing
Bot then sends /join #alice

Both of them has to be auth isn’t it ? :smiley:

  • My bot has to have a token to connect it to the streamers channels.
  • My user can auth from the website with twitch and from a dashboard page add the bot with a click of a button.

Following this example of tmi.js

const tmi = require('tmi.js');

const client = new tmi.Client({
	options: { debug: true },
	identity: {
		username: 'my_bot_name',
		password: 'oauth:my_bot_token'
	channels: [ 'my_name' ]


In this example, is the my_bot_token equal to the ?code you are reffering to ? In this case it means, every streamer will send his token to the client.

This looks okay to me, but in this part

I do not see the utility of transmitting the code to the backend for the bot because the bot will be already launched with it’s proper token ?

The code is NOT an OAuth token, it must be exchanged for an Access Token and Refresh Token, which can only be done server-side, as Barry explained.

Once your bot has the users access token, you can then have your bot join the channel associated with that token. You can also periodically check the validity of that connection to your app by the user and if they have revoked access you can have your bot part their channel.

Technically no.
A bot can join any channel.

Some people use a dashboard. (A good way to control/edit commands)
Some people say “go to my joins channel and run a chat command”

This is a good work flow yes. And what I would do if I was running a multi channel bot.

To expand, here

Either use the “join button” to trigger the flow, Since you have the username from being logged in.

Or use get users API to do a token to user lookup and extract the username from that to join on.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.