Currently developing an app which acts as a simple IRC bot to fetch data from the Twitch chat. If I were to distribute this app, would including the same username/oauth credentials be okay? Unsure if multiple connections from the same account would pose any problems… Thanks in advance!
If the bot has the ability to type commands, like /msg #anotherchannel .ban name from #channel that wouldn’t be good. (if the user pulls the oauth out of it, it could create a session as that bot and cause havoc in any channel it’s modded in)
Your bot could ask for an oauth input for that user or do a login with twitch auth window to pull the users oauth, So it doesn’t have to be a shared account.
The bot should never be given any mod privileges. That said, someone pulling the oauth to impersonate the bot remains a possibility… Who knows how likely that would be as there really wouldn’t be any gain in doing so, but I guess I could look into user authentication. Probably the safest route and I shouldn’t be lazy. 
Appreciate the reply!
Someone would probably pull your oauth and abuse it if you include it in your app, so don’t.
If the purpose is to only fetch data, you can use justinfan to log in anonymously, just use NICK justinfan1234 to log in, you don’t have to send PASS, it will log you in anyway. (you can replace 1234 with random numbers)
This login allows you to listen to messages in the joined channels, but not send any commands/messages whatsoever (except JOIN and PART as far as I’m aware).
2 Likes
Do not distribute your oauth with your application. Sooner or later someone will use it for malicious purposes and we’ll suspend the account.
@UndeclaredFunction Just to top this off, don’t distribute your OAuth token ever. The developer agreement explicitly states that you are responsible for how the OAuth token is used. If it is abused in any way, it’ll come back to your account tied to that OAuth token.
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.