I’ve been re-building my chat bot to use webhooks and the new API endpoints.
I got completely stuck on authentication and thankfully in most part to this post OAuth Authorization Code Flow for a chat bot: 401 invalid csrf token Im back on track now.
I realised now that my mistake was thinking I can get the initial authentication code via code.
Before I go ahead and start this again I wanted to check my architecture plan;
- Authentication route that triggers the request for an access key and refresh key.
- Redirection route returns the user with a code - corrected by Dist
- Code is exchanged for access and refresh on token endpoint - corrected by Dist
- The above basically fires up the bot and is when we can begin to expect webhook payloads - dynamic logic to register routes and subscribe to each webhook desired.
- Authentication fails from this point I can use the refresh key to re-validate the bot, only returning to the auth route manually if the keys all expire or are invalidated.
With this process I can both listen for webhooks (after subscribing to them) and also query the API to display on routes for webpages that will ultimately become part of scenes in OBS?
I believe this is right and im now on the correct path but i would appreciate a friendly nudge if not.
Incidently, the post linked above would be well placed on the documentation pages