Hello there,
I’ve been working on a small website, on which I’ve implemented a OIDC connection with Twitch.
I’ve created an application, got both my client_id and client_secret, and specified my OAuth redirect urls to http://localhost:3000/auth/twitch/callback.
When clicking on the connect with twitch button on my website, the user is successfully redirected to the authorize screen on Twitch (URL like https://id.twitch.tv/oauth2/authorize?response_type=code&client_id=xxxxxxxxxxx&redirect_uri=http://localhost:3000/auth/twitch/callback&scope=openid).
At this step, the user can either click on Authorize to accept my app to get its information, or click on Cancel to refuse.
When accepting, the user is successfully redirected to my website, on the page specified in the redirect_uri parameter, which in my case is http://localhost:3000/auth/twitch/callback.
However, when clicking on Cancel to refuse, I’m always having this screen, noticing the user he’s about to leave the website to a domain not being controlled by Twitch:
The Continue button is redirecting me on this page : http://localhost:3000/auth/twitch/callback?error=access_denied&error_description=The user denied you access&state=xxxxxxx, which is the same url that is allowed in my OAuth Redirect URLs.
So, I’ve already seen this page when the redirect_uri was not allowed in my OAuth Redirect URLs, but in this case, the url is the same one for a success or a failure.
Having a doubt about the http and localhost, I’ve also tried using ngrok + https, but got exactly the same issue.
The last thing that made me believe it was a “normal” behavior from Twitch was when I’ve created my account here on https://discuss.dev.twitch.com/ using my twitch account, and refusing at first to simulate the same thing, and this also showed that same screen.
Is this a normal behavior ? Have I missed something ?
I couldn’t find anything on Twitch dev documentation or on the forum (if I missed it, sorry).
Thanks in advance!