OAuth via Shortcode

Feature request:

I’m currently using the redirect mechanism to authorize the user, but this requires that I run a server to handle the redirect.

In the future is it possible to add a shortcode mechanism to handle user authentication.

You’ll see this mechanism used by set-top-tv-boxes where they have a 5-letter code on the TV that you enter into a website url and that authorizes the TV device.

This would be useful for extension-backend-services.

I believe you are after this https://dev.twitch.tv/docs/authentication#oauth-implicit-code-flow-user-access-tokens

Close but not quite.

The API would provide an authorization endpoint that generates a shortcode or code to display to the user.

There would be a second endpoint to verify that the shortcode had been authorized where you could get the access_token and refresh_token.

The way it is now is there’s an endpoint that generates a code. But you still need to run a server either locally or remotely to handle the authorization redirect.

Having an endpoint for generating a shortcode and checking if the shortcode is a bit cleaner. Essentially, I have to make a server page that does the endpoint that I’m looking for…

There’s also some extra work by the extension backend to correlate the auth request with the final authorization.

There’s lots of ways to do it, but I’m using a php page with memcached to pass the browser tokens to the extension backend.