I have an application all ready to go, meaning it is all tested and running on my channel. The app is registered and I obtained and I did the OAuth flow based on the info in my channel.
Where I am confused is what step(s) is needed to run the app using another Broadcaster’s information. e.g. is there something the other Broadcaster needs to do to obtain and give me their OAuth code/Client ID, etc. Obviously I am totally ignorant of the process and the more I read, the more I get confused. I read the associated Authentication part in the Twitch doc but it would help if I had a plain English roadmap of the steps needed so I don’t go down uncharted paths. eg… What does the broadcaster need to do to get me an OAuth code so my app can access their Broadcasting capabilities. Thanks
To get a User Token, you would use the Authorization Code flow if it’s a server-side app, or the Implicit Flow for a client-side app (such as API requests being made in the web browser)
For both cases, to get an Access Token from any user they would go to your website, and click a button which redirects them to Twitch, where they can agree to the scopes you’re requesting. Once they accept they’ll be redirected back to your website, at which point the Auth Code flow gives you a code in the querystring param which your server can exchange for an Access Token and Refresh Token, or if using the Implicit flow you’ll get an Access Token in the URL hash.
Thank you so much. This helps a lot. The one part I am still confused about the following part:
I remember getting an authorization panel where I agreed to the scopes but I did not set up a separate website for that. In fact, I tried so many things that I somehow just stumbled into that authorization screen. It think it came up when I logged into my channel but I don’t remember. Is there somewhere this is documented or an example of this? Thanks again.
It’s documented in the links I provided. Step 1 of both of those OAuth flows is to redirect the user to Twitch, with a link you construct using your client id, redirect url, scopes, and any state.