401: Missing User OAUTH Token (get-custom-rewards)

BarryCarlyon · November 21, 2021, 7:55pm

I already did

BarryCarlyon:

If needed you can refer to some examples

I have written two examples for user authentication, one for node and one for PHP

https://github.com/BarryCarlyon/twitch_misc/tree/main/authentication/user_access_generator

Other examples may exist on Community Resources | Twitch Developers

oAuth is very straight forward

user comes to your website

user decides to use your service

user clicks on a <a href to login (sometimes this might be a /login/ that then redirects to Twitch so you can set a state param in the session nicely)

that link takes then to the service

the user accepts (or declines the link)

user comes back to your site and if they accepted a ?code will be present in the query string (other wise an ?error/error description)

you exchange the ?code for an access and refresh token

you store these tokens and use those tokens

This works for a number of serices, you just swap in the different token URL’s and scopes as needed

Use the validate endpoint to check the current expiration of a token. Or check expires_in when a token is obtained

Generailly speaking:

implict token - 60 days - can’t be refreshed, manual remake
regular token - 4 hours - has refresh token to auto obtain a new token
app access - 60 days - just get a new token, doesn’t represent a user (included for completeness it’s not usable for what you want to do, unless talking to eventsub)

If you were using EventSub webhook transport:

authenticate the user
discard the token
use an app access token to create Topics
then it works forever! No token faffery.

But you can’t eventsub with an SE Widget.

Odd that they don’t include access to the SE token that SE has, and/or they don’t provide a way to get an oAuth token anyway