I am working on a singleplayer video game, to which I would like to add support for Twitch tools such as polls and chat.
To do so, I need to get an OAuth, and the problem I have faced is the lack of a webserver to send the token to, considering this is a local, singleplayer game.
However, while looking for answers, I found a clever way to deal with this issue, without having security issues, to my knowledge:
- Before sending my user to the oauth2/authorize URL, I start a small, local HTTP server on their machine, listening on port 8080.
- When their browser gets redirected to http://localhost:8080, I retrieve it, return a simple “thank you” HTML page, and close the HTTP server.
Is this okay from a ToS standpoint?
This functions marvelously, it’s fast and cross-platform, and seems like a good solution for my “singleplayer no server” situation. But am I ALLOWED to do that?
Is this okay from a security standpoint?
From what I understand, the user’s browser gets redirected after getting the OAuth token. So I feel like it’s safe since the OAuth token doesn’t even leave the user’s computer, being a “localhost” call. However, I am neither a web nor a network developer, so I’d like to make sure I’m right.
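
Added example, not part of the original post: a one-shot loopback listener of the kind described above, with the checks that keep it local and single-use. It assumes the redirect carries `code` and `state` query parameters, as in the OAuth 2.0 authorization code flow; `LoopbackReceiver` and `wait_for_code` are hypothetical names.

```python
import hmac
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

class LoopbackReceiver:
    """One-shot listener for an OAuth redirect (hypothetical helper)."""

    def __init__(self, port=8080):
        # Unguessable value to put in the authorize URL as ?state=...
        self.state = secrets.token_urlsafe(32)
        self.code = None
        receiver = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                query = parse_qs(urlparse(self.path).query)
                state = query.get("state", [""])[0]
                code = query.get("code", [""])[0]
                # Accept only a callback that echoes our state; another
                # local process or web page cannot guess it.
                ok = bool(code) and hmac.compare_digest(
                    state.encode(), receiver.state.encode())
                if ok:
                    receiver.code = code
                self.send_response(200 if ok else 400)
                self.send_header("Content-Type", "text/html; charset=utf-8")
                self.end_headers()
                self.wfile.write(b"<p>Thank you, you can close this tab.</p>"
                                 if ok else b"<p>Invalid request.</p>")

            def log_message(self, *args):
                pass  # do not write the query string (and code) to logs

        # Loopback only: "" or 0.0.0.0 would expose the port to the network.
        self.server = HTTPServer(("127.0.0.1", port), Handler)
        self.port = self.server.server_address[1]

    def wait_for_code(self, timeout=120.0, max_requests=5):
        """Serve until a valid callback arrives, then close the socket."""
        self.server.timeout = timeout  # seconds to wait for each request
        try:
            for _ in range(max_requests):  # tolerate e.g. /favicon.ico
                self.server.handle_request()
                if self.code:
                    break
        finally:
            self.server.server_close()
        return self.code
```

A value returned in the URL fragment (after `#`) is never sent to the listener by the browser, so this receiver only sees query-string parameters.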