OAuth in an SSH environment

I’m trying to create a service that will join many chat rooms and then create clips based on the messages being sent. Given these requirements, I need a user access token. I have no issues getting this locally, but I want to run this service on a cloud hosted machine.

I have an Oracle Cloud instance set up, but when I SSH into the box I run into issues since there’s no browser/UI. I tried installing a text-based browser, but it doesn’t seem to work with Twitch’s login page (I had a similar issue getting it to render Youtube’s page).

What are my options for authenticating my bot over SSH?

if you can have open ports to raise a web server the TwitchCLI: Twitch CLI | Twitch Developers

Personally to seed my chatbots I use: twitch_misc/authentication/user_access_without_server at main · BarryCarlyon/twitch_misc · GitHub

The TLDR here is that you need to “seed” your system with an initial token. And need to reseed it if the access and refresh token are both dead.

Ironically it’s the model a number of Google/YouTube NodeJS examples

Via a SSH Prompt

Basically it’s not completely headless:

  • SSH: Start the script
  • SSH: Generate the oAuth URL
  • SSH->LocalBrowser: Show the oAuth URL for the operator to copy/paste to a web browser
  • LocalBrowser: Get the ?code= back
  • LocalBrowser->SSH: Copy the resultant ?code= from the web browser back into the SSH prompt
  • SSH: Store the resultant access/refresh token(s).
  • SSH: Use refresh till it’s dead, and you need to reseed

Due to the Join limits:

However such a service that you describe will need permission from the channel(s) in question, so it follows that you should be raising a Webpage for streamers to visit to provide authentication (and/or allow/deny add/remove the bot from their channel(s)) so it follows you can use the same webpage to (re)seed your bot access tokens.

Which is what I do for my custom/public bot, given that I don’t own the bot accounts for all of them so I need the relevant account owners to (re)proviode oAuth tokens if needed.

So TLDR:

Theres no way around the browser.

Bonus thought: you could go DCF which is kinda what this is suited for, but I prefer the regular oAuth flow, only due to it predating DCF existing, and some fun with ClientID types

1 Like