How to correctly pass the Client Secret

vonriddarn · July 11, 2022, 10:26pm

Hello!

I’ve read through the FAQ and the documentation for the twitch API.
I understand fully that I should not share my Client Secret with anyone else but myself.

The problem is that I am working on an application that I intend to distribute to the public for free, and that means I must also encrypt the key so that it may not be data mined.

I am an intermediate level hobbyist that have never dealt with any type of encryption before, and therefore I am wondering if anyone could help point me in a good direction, maybe some official documentation if that exists?

For reference I am currently using TwitchLib with a C# application.

Thanks in advance!

Best regards,
Timmy.

BarryCarlyon · July 11, 2022, 11:01pm

For this sort of application you would either:

Use implicit auth to login a user as that only requries the clientID
Ask the user to priovde their own cleintID/clientSecret

You can’t really store it encrypted as you need to decrypt it to use. So theres no docs for this since you just use implict auth instead.

vonriddarn · July 12, 2022, 9:08am

Thank you so much, Barry!

Now that I have the name of the workflow needed for my application I could actually find it in the API documentation. If anyone stumbles across this question in the future via google, please refer to:

Thank you again for the quick and professional reply.

Topic		Replies	Views
Secure client secret API	2	2491	April 27, 2015
Should the Auth token and/or client ID be secret? API	11	736	February 21, 2021
Hide ClientID in login with twitch request API	4	932	March 17, 2019
Need help getting client secret API	2	399	March 20, 2021
Authentication in a desktop application API	3	677	March 26, 2022

How to correctly pass the Client Secret

Related topics