You normally wouldn’t use client side, You’d use a server based session for this, but depends on the use case, And thus not use implict auth.
However, sure you can store the users own token in the users own localStorage.
This depends how you want to manage user website persistance. For my websites/minisites, I’ll use regular oAuth flows to get a server session and back that with my DB. but depends what I need to login people for.
The linked Implict Auth Example, is just an easy way to demonstrate how to get a user from a oAuth token.
You have to click “authorize app” to provide a token.
Without force_verify if you already linked, the flow just loops around without the “confirm” link. If thats what you mean.
This question is unclear
This example being implict auth.
- The user clicks the auth link. -
https://id.twitch.tv/oauth2/authorize?client_id=hozgh446gdilj5knsrsxxz8tahr3koz&redirect_uri=https%3A%2F%2Fbarrycarlyon.github.io%2Ftwitch_misc%2Fauthentication%2Fimplicit_auth%2F&response_type=token - That goes to twitch
- They accept/decline (skipped if authed once and no forceverify)
- They return to the webpage with a
https://barrycarlyon.github.io/twitch_misc/authentication/implicit_auth/#access_token=TOKENHERE - My code grabs the
#access_tokenfrom the URL - And then uses the access token in the calls to helix.
For implcit auth there is no ?code to access token exchange
As the access token is provided in the URL fragment
For an example of “Server based” sessionage see user_access_generator https://github.com/BarryCarlyon/twitch_misc/tree/main/authentication/user_access_generator
Here you go
- Twitch Link
- That goes to twitch
- They accept/decline (skipped if authed once and no forceverify)
- They return to the webpage with a
?codequery string argument - Your server exchanges the
?codefor an access token - Use the access token as needed
There isn’t a “live” example of this as GitHub doesn’t have a “Server” to run server code/sessions with.