First of all let me apologize as I’m relatively new to Oauth and web development in general. I have used a library to generate an authentication service with twitch for my webapp, and all is working great.
The only problem is currently I pass nothing for the ‘scope’ parameter of my API request, and it is requesting email and stream key in the authorization of the login. A lot of my users would definitely be uncomfortable allowing me access to certain things, so I wondered if there was one that literally just got me the username (and obviously the ability to authenticate)?
I don’t need anything else, email isn’t important to me and I think the users would be more comfortable if I didn’t request it. Is this possible? Thanks so much!
Also, here is the library I’m using; After reading the first reply I’m assuming it’s actually hitting something that it shouldn’t be based on my empty scope parameter: GitHub - if there is a line in this that I could change to only request the username, i’d be happy to make a fork and do so.
Just authenticate with no scopes specified (leave it blank, or just omit the “scope=” from your authentication URL, as I know it’s possible) and hit the https://api.twitch.tv/kraken/ endpoint with the OAuth token, there’s a value for just the username (token.user_name).
So I attempted this and it’s still requesting the email address of the user (but not the stream key thankfully). It may not be possible to not request the email?