Basically when something specific happen in my extension I make call to my backend and would like to write in chat with a moderator account (it’s a bot).
I have the broadcaster id and the moderator id but it seems that the api endpoint requires a user access token that includes the “moderator:manage:announcements” scope and I don’t really understand how to get it.
Resolved the issue.
I genereted the token for my bot with twitchtokengenerator.com and used those tokens with the specified scope to make the api call in my backend.
It’s not advisable to use someone elses token generator (and possibly clientID)
Fine for testing but you should build your own loop to (re)auth what you need to and ensure you are using your own ClientID
I tried but I don’t really understand how to do it.
From what I need to create an URL with the clientID (of the extension), the redirect_uri (i think it’s the uri of my extension that I see in the dashboard) and the scope that I need. After that the bot needs to manually go that URL and then authorize the extension, then a code will be sent to the redirect_uri.
That code is needed to get the token that I need but how do retrieve the code sent to the redirect_uri?
The token that I get from the code is permanent? Do I need to authorize it manually every time or can I just refresh it with the refresh token?
Extensions don’t have a static redirect URI to use.
If you need to oAuth in an extension then you need to bounce out of the extension to your EBS and process it there as you also need to capture the resultant token (and it’s refresh)
Tokens are not forever
Refresh when ever the token dies.
Full reauth whenever the refresh token doesn’t work
So here on the config view of my extension, I ask people to auth
In the first example the link opens a new window to my EBS, which is https://twitch.extensions.barrycarlyon.co.uk/igdb/api/link/ then I do oAuth.
The second example is similar just a different EBS/server
The second example is more like what you need as it does a full regular code flow oAuth storing the resultant token/refresh token and the server manages said token, reprompting the user when needed to reauth.
It’s industry standard oAuth, so once you learn if once it works for a lot of sites that provide oAuth
Goddamn Barry you know a lot.
Thanks you very much. It’s pretty clear now.
