Make authenticated calls to api with token from Twitch.onAuthorized


I am trying to make authenticated calls to Kraken api with the token from Twitch.onAuthorized but the api tells me that the token is invalid.

If my panel extension wants to make authenticated calls, how should I proceed ?
I can not find any functions in Twitch.ext object to ask for some permissions and a token.

The token you get from onAuthorised is a JWT and its not applicable for making calls to Kraken/Helix.

The JWT is only used to validate that the user_id contained within it is the user_id that it claims to represent. And additionally when passed from your extension front end to your backend validates it is coming from the front end.

Simply speaking you don’t

What API calls do you intend to make that requires authentication?

I wanted my extension to check if a user is connected to chat right now.
So I thought I had to make authenticated calls, but there does not seem to be any endpoint for that anyway and then just wondering if we could make authenticated calls at all.

Sent JWT off site to your EBS, the EBS can then cross check with the viewer list for the channel. No authenticated calls needed.

Or the Extension can fetch the viewerslist itself and compare, but I wouldn’t recommend that.

You would need to perform your own authentication/oAuth loop in order to get a key, this would work best with Implicit auth since an extension is pure client side. But you don’t know what the Redirect URL needs to be.

So you’d need to route this via your EBS, to jump/skip the authentication back to the Extension Client.

Or you do normal auth via a bounce to your EBS and proxy any requests from your extension via the EBS.

TLDR: It’s not easy to do authed called in an extension pure client side due to the need to protect secrets and the fact that you don’t know the redirect URL for the frontend

Great response. Thank you!
@BarryCarlyon How do you check the viewer list for the channel tho ? There does not seem to be any endpoint for that.
The chat bot could manually add and remove viewers coming and going but it adds complexity.

Undocumented endpoint that is mentioned many times on this forum

Doesn’t work on channels north of 1k chatters.

Yes, okay I was going to use that.
Thank you.