Twitch Authentication Integration Questions

So, I want to integrate Twitch into a project I’m currently working on; however, I want to confirm I fully understand how to do so. I also have some questions about security.

So, firstly, I’d send the user to the authorize API. Twitch would then lead them to my registered URL with a code. Then I’d send that code to the token API and get the access token. I’d then save this to a session or a MySQL database, then I’d make an API call to the Kraken API with the access token to get the username and such of the user.

My main question is: how do I secure the redirect URL? How can I detect if the user is coming from Twitch and the user isn’t just trying to give a fake code or anything?

The redirect URLs from your initial authorization request and the redirect set up for your developer application have to match exactly. You shouldn’t need to detect if the user is coming from Twitch at all. A fake code won’t allow API requests through when passed into the Authorization header for those requests.
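A sketch of the redirect handling discussed in this thread, added as an example and not code from either poster or from Twitch: the callback is tied to a login the session started and the code is only trusted once the token API accepts it. It goes beyond the reply by using the OAuth `state` parameter, which the thread does not mention; `AUTHORIZE_URL`, all function names and the offline `stub_token_api` are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Assumption: Twitch's OAuth authorize endpoint (the thread does not give a URL).
AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize"


class CallbackRejected(Exception):
    """The redirect could not be tied to a login this session started."""


def build_authorize_url(session, client_id, redirect_uri, scope):
    # Fresh unguessable value per login attempt, remembered server-side.
    session["oauth_state"] = secrets.token_urlsafe(32)
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must equal the registered URL exactly
        "response_type": "code",
        "scope": scope,
        "state": session["oauth_state"],
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(session, query, exchange_code):
    """query: dict of callback parameters. exchange_code: server-side call to
    the token API that returns an access token or raises on a bad code."""
    expected = session.pop("oauth_state", None)  # single use: a replay fails
    received = query.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise CallbackRejected("state mismatch")
    code = query.get("code")
    if not code:
        raise CallbackRejected("no code in callback")
    try:
        token = exchange_code(code)  # a made-up code is refused here
    except Exception as exc:
        raise CallbackRejected("token API refused the code") from exc
    session["access_token"] = token
    return token


# Constructed stand-in for the token API so the example runs offline.
def stub_token_api(code):
    if code != "constructed-valid-code":
        raise ValueError("invalid authorization code")
    return "constructed-access-token"
```

In a real handler `exchange_code` would POST the code, client ID, client secret and the same redirect URI to the token API from the server, so the client secret never reaches the browser.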
