Testing Third Party Authentication in Developer Rig

So I’m working on an extension for Destiny 2 that requires authenticating the broadcaster with Bungie.net. I got an oauth flow happening through my EBS however I realized once I ran it through the developer rig, that the iframe sandboxing was blocking it.

I saw there was some whitelist settings in the extension capabilities section so I tried adding them to the panel.json config with no success. Does the developer rig even support whitelisting, or am I perhaps not setting it up correctly?

I set the panel whitelist config to “https://www.bungie.net/*

The desired auth flow is as follows:

Broadcaster brings up config settings and clicks an “Authorize” button that can either open in a new tab/window or redirect to the Bungie authentication url.


Once the user approves, it either redirects back to the config page or to an EBS endpoint where it completes the authentication and stores the details in the backend.

From where any extension views can poll the EBS to determine whether it has been authorized to use the broadcaster’s Bungie account.

Is this something that can be done with Twitch Extensions? Another alternative I thought of was doing the authentication with Bungie.net on my website and sending updates to the EBS from a client side app, but it’d be better if I could run the whole thing as a standlone extension.

The OAuth loop should be done from the config page, not the panel. You should be able to whitelist the bungie domain on config page, do this on your dev.twitch.tv Dashboard under Versions -> Manage -> Extension Capabilities -> Whitelist Config Urls.

If you’re not sure whether or not the dev rig is the problem, you can simply test it for real by adding the extension to your channel and visiting the configuration page for it.