Not sure how one would steal the token. Would it be safe to assume someone could also steal my Client-ID?
Reason I ask is I’m not entirely familiar with how Twitch handles all this information and building this project is a fun learning experience for me.
I am familiar with best practices in web security so storing the information in a config.php is how I intend to store all the information. The directory is pretty secure so I don’t anticipate anyone accessing the file and reading the ID, Token, or anything in there.
As for adding the specific list of scopes would the following be the way to go about it?
&scope=bits:read+analytics:read:games+channel:read:subscriptions+WHATEVER_ELSE
I do intend to stay away from anything that grants edit permissions as that’s just asking for trouble.
Thanks again!