The docs don’t match with this then.
Also a bunch of the examples there are just wrong/need a rewrite.
This change on id.twitch makes using the Twitch API to perform a website login “interesting” due to the helix rate limits. Which was why I switched to OIDC anyway, as that gives the User’s ID without a Helix API lookup. And having to fetch a URI fragment for login isn’t fun.
A call to:
GET https://id.twitch.tv/oauth2/authorize?
client_id=<your client id>&
scope=openid&
response_type=code
Results in
{"status":400,"message":"invalid response type: 'id_token' required for 'openid' scope"}
Which disagrees with the docs. And appears to be valid in the OIDC spec?
1.A
GET /authorize?
response_type=code
&client_id=s6BhdRkqt3
&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
&scope=openid%20profile%20email
&nonce=n-0S6_WzA2Mj
&state=af0ifjsldkj HTTP/1.1
Host: server.example.com
HTTP/1.1 302 Found
Location: https://client.example.org/cb?
code=Qcb0Orv1zh30vL1MPRsbm-diHiMwcLyZvn1arpZv-Jxf_11jnpEX3Tgfvk
&state=af0ifjsldkj
That allows OpenID via response_type code doesn’t it? Then code exchange the code and get the ID Token. Just like https://api.twitch.tv/kraken/oauth2/ yes?
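The authorization code request described in the post (response_type=code with scope=openid) and the check a client makes on the redirect that follows, as an added example that is not part of the original post. The client id placeholder, the function names and the sample callback are assumptions; the redirect URI is borrowed from the spec sample quoted above.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize"  # endpoint named in the post


def build_auth_request(client_id, redirect_uri):
    """Return (url, state, nonce) for an OIDC authorization code request."""
    state = secrets.token_urlsafe(16)  # binds the callback to this login attempt
    nonce = secrets.token_urlsafe(16)  # must later match the ID Token's nonce claim
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    }
    return AUTHORIZE_URL + "?" + urlencode(params), state, nonce


def handle_callback(callback_url, expected_state):
    """Validate the redirect back to the client and return the authorization code."""
    # Only the query string is read: the code flow never puts its result in the fragment.
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not for this session.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]  # exchanged server-side at the token endpoint for the ID Token


if __name__ == "__main__":
    # Hypothetical client id and a constructed callback, for illustration only.
    url, state, nonce = build_auth_request("CLIENT_ID_PLACEHOLDER",
                                           "https://client.example.org/cb")
    print(url)
    sample_callback = "https://client.example.org/cb?code=SAMPLECODE&state=" + state
    print(handle_callback(sample_callback, state))
```

The nonce returned by `build_auth_request` has to be kept with the session and compared against the `nonce` claim once the ID Token has been obtained and its signature verified.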