Support for native OAuth apps, and RFC 8252?

I’m looking into developing a personal Twitch streambot, where I can set up a desktop app that can call Twitch API calls to automate a number of things during streaming. In order to do this, I need to be able to get an OAuth2 token to do so. It appears, however, that Twitch does not support the recommended way of handling native OAuth apps.

RFC 8252 ( says that an authentication endpoint should accept{custom port}/{path} as a redirect_uri. Specifically, if I add the following as a redirect URI:

It should accept as a valid redirect, and proceed through the auth code flow.

Is there any effort to implement the recommendations of RFC 8252?

Use http://localhost/ instead of

That RFC actually says that localhost is worse than This is because it’s still a DNS name that can be resolved, and incorrectly configured machines (or maliciously configured machines) can have that mapped to anything. See


They can’t do much without your Client Secret but I do see your point.

However I did do a check,

Seems you can set it to or at least “works for me”

And works fine for me with a brand new clientID

using in my example

And using yours

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.