This is a completely different topic right now, but for me the biggest hurdle with this authentication stuff is the hoops I have to jump through to make this work from a mobile application. It’s a Unity application targeting the Oculus Quest (running Android).
You can make http calls to use the twitch API from a Unity application, no problem. But when authentication requires you to redirect the user to a browser things get difficult.
I can redirect to the Oculus Quests native Browser application. Then the user can authorize the application, get’s redirected to a URL that I can choose, but I have no way to get the access token back from the URL back to my native app. I tried launching the app using Android deep links which works on phones, but Oculus unfortunately prevents that in their custom browser.
In theory If the user has already authenticated the app and I call the authorization API through a http request from within Unity, I could manually retrieve the redirect URL in the http response and get the token that way. However, that doesn’t seem to work for Meta redirects or JavaScript based redirects, which I assume twitch is using here.
One or two people have even build a browser in Unity based on chromium, so you could pull that in, but I haven’t seen any projects that work on Android. Not that building and shipping a browser inside a Unity app for a single authentication step is a sane thing to do anyway.
That means I’m left with either some scuffed approach where the user has to copy the token to the app manually (which is not very good considering tokens expire), or I have to bite the bullet and build a server which I don’t have a lot of experience with.
I wish there was a way to do Oauth authentication without the requirement of a browser, where the authentication response gets returned in the same HTTP call. Is there a dedicated feedback / feature request site for twitch developers other than this forum?
Sorry for the rant, I just needed to vent a little. I’m aware that this is probably not something a lot of people are doing. It’s completely valid for twitch to focus on the main use case which is web.