Is it possible to EventSub in an extension front end?

tf2casperr · February 1, 2023, 10:02pm

Hello - I am trying to use EventSub websockets to get channel follows in an extension front end. I can connect to the EventSub websocket just fine and I receive the welcome message, but when I try and subscribe to the event I get a 401 - “invalid JWT used”. I am using the helixToken that the extension onAuthorized function returns.

    Twitch.ext.onAuthorized(function (auth) {
        console.log(auth);

        const socket = new WebSocket('wss://eventsub-beta.wss.twitch.tv/ws');

        let websocket_id = null;

        // Connection opened
        socket.addEventListener('open', function (event) {
            console.log("open", event);
        });

        // Listen for messages
        socket.addEventListener('message', function (event) {
            const data = JSON.parse(event.data);
            console.log('Message from server ', data);

            if (data.metadata.message_type === 'session_welcome') {
                websocket_id = data.payload.session.id;
            }

            $.ajax({
                url: 'https://api.twitch.tv/helix/eventsub/subscriptions',
                type: 'POST',
                headers: {
                    'Client-ID': 'auth.clientId',
                    'Authorization': 'Extension ' + auth.token, // Using token instead of helixToken for devrig.
                    'Content-Type': 'application/json'
                },
                data: JSON.stringify({
                    "type": "channel.follow",
                    "version": "1",
                    "condition": {
                        "broadcaster_user_id": auth.channelId
                    },
                    "transport": {
                        "method": "websocket",
                        "session_id": websocket_id
                    }
                }),
                success: function (data) {
                    console.log("success", data);
                }
            });

        });
    });

Should this be possible with the extension token, and if so what else might be the issue?

Thanks

BarryCarlyon · February 1, 2023, 11:56pm

The HelixToken doesn’t represent a user.
As such it cannot be used with EventSub WebSockets.

HelixToken is only valid for calling the “regular” API (excluding anything scoped)

To put it another way: no an extension frontend cannot utilise EventSub as there is no sensible way to get a user token to use in order to access EventSub.

Additionally with the upcoming changes to follows, you will need a broadcasters token, and you can’t leak that in an extension front end.

tf2casperr · February 2, 2023, 10:25am

Thanks as ever Barry for your quick and helpful response!

Could you please elaborate on the upcoming changes to follows? I’ve looked through the announcements and can’t see anything about follows changes. Will this affect the regular https://api.twitch.tv/helix/users/follows endpoint?

Thanks

BarryCarlyon · February 2, 2023, 10:26am

Yes

It’s broadly believed the data is becoming scoped. But details are to follow.

I know changes have been announced as on the way but what those changes are hasn’t been confirmed

tf2casperr · February 2, 2023, 2:02pm

Thanks again.

As a front-ender with an extension entirely reliant on hitting the follows endpoint without an EBS, I await those details with bated breath

The original query was of course kindly answered already, so I’ll mark as solved, cheers!

jbulava · February 2, 2023, 4:50pm

We’ve discussed on the TwitchDev broadcasts that changes to follows were coming and that we would be introducing new endpoints with scopes in an open beta to replace the existing endpoint. No announcement was being published on the forums until we had a solid timeline planned. You can expect that to happen very very soon!