OAuth2 Getting All Scopes?

Hope everyone is doing well. I have an inquiry regarding the SCOPES request when generating a new token.

I am currently working on a project for myself that basically displays all sorts of information.

Front page would display all the details regarding my stream, perhaps a profile page with other statistical information about my twitch page, and I am going to try and migrate away from using third-party services like streamlabs/muxy and display my own alerts and information so that I can have absolute control over my content displayed on my url.

Later on once I feel that I’ve accomplished the goals I set forth I will release the source with a generic template that’s easy to edit on github or something to share in the wealth of knowledge.

Sorry for the background information. My questions are as follows.

Is there a way to setup my token with all scopes instead of having to do them one by one?

  • If so how can I go about accomplishing this?

Is there any negative impact or reason why this might be a bad idea for what I’m trying to accomplish?

Are there any tokens I should be wary of, considering I do plan to release this to the public once I’ve completed the project?

Thanks very much for any information that can be provided. :slight_smile:

Someone could steal your token, and cause a lot of problems…

You should only ever request the scopes you need for your application to function

No you’d have to add all of them to your URL, there is no “all scopes” shortcut.

Because, you should only ever request the scopes you need.

1 Like

Not sure how one would steal the token. Would it be safe to assume someone could also steal my Client-ID?

Reason I ask is I’m not entirely familiar with how Twitch handles all this information and building this project is a fun learning experience for me.

I am familiar with best practices in web security so storing the information in a config.php is how I intend to store all the information. The directory is pretty secure so I don’t anticipate anyone accessing the file and reading the ID, Token, or anything in there.

As for adding the specific list of scopes would the following be the way to go about it?


I do intend to stay away from anything that grants edit permissions as that’s just asking for trouble.

Thanks again!

Indeed, but still not wise to generate a “every scope” token

ClientID’s are public information they are in the URL when you send a user to authenticate your apps access to your account.

Yup, thats how you do it keep +'ing, but still:

Site note: analytics:read:game is useless unless you are a registered game developer.

HA! Just so happens I do a little bit of that with my free time as well. That might actually come in handy later.

I did review the list of scopes and the descriptions are a little vague at best. Would there happen to be a page I can review a little more detail about each scope and what information that allow me to review via API?

This is all just for a streamer url that’s designed to display public stream information and analytical information about the hours I’m usually on and what games I play and how long I play them. Not to mention the occasional PubSub grabbing new followers and so forth for the alerts system.

I don’t have any plans to authenticate anyone other than myself. And if I don’t need the scope you are absolutely right in that I shouldn’t request it.

I really appreciate your feedback, @BarryCarlyon

No that is the page. Various end points list the scopes required for that end point.

Followers is not on PubSub, and that doesn’t need a scope anyway, thats public data
There is no stream analytics endpoints so theres no scopes for that, you won’t get “hours streamed” without real time collection

I’ll review the documentation further on PubSub so I am more familiar with the information that I’m going to be gathering. Thank you for pointing that out.

Could have swore there was some information I looked up about reviewing stream start and stop times and game change information on the stream. Maybe I didn’t understand it properly. I’ll cross that bridge when I come to it.

Thank you again for all of your help and clarification. I really appreciate it.

What you describe sounds like webhooks, but you have to collect the start/stop when the event occurs. you can’t get the start/stop for a stream yesterday, if you didn’t collect it yesterday

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.