Worried about Review Process

BarryCarlyon · September 9, 2020, 6:42pm

I was confused to which example you were referring to

As already covered, onAuthorised returns the channelID.

In an ideal world you’d do everything by ID, to account for name changes.

But if you have the channelID from the JWT, and a service, and an app access token, you can get the channel name from the users API (A user is a channel and a channel is a user)

To cite my profile example

github.com

BarryCarlyon/twitch_profile_extension/blob/main/ebs/server.js#L110


      
          Similar to cors probably want to make this route specific
          rather than global
          
          But if this server only does extension traffic then all good to global
          */
          app
              .use('/:route?', (req, res, next) => {
                  if (req.headers['authorization']) {
                      let [ type, auth ] = req.headers['authorization'].split(' ');
          
                      if (type == 'Bearer') {
                          jwt.verify(
                              auth,
                              config.secret,
                              (err, decoded) => {
                                  if (err) {
                                      console.log('JWT Error', err);
          
                                      res.status('401').json({error: true, message: 'Invalid authorization'});
                                      return;
                                  }

url: 'https://api.twitch.tv/helix/users?id=' + req.extension.user_id,

becomes

url: 'https://api.twitch.tv/helix/users?id=' + req.extension.channel_id,

And the profile extension becomes a channel profile extension

You’ll need a relay server, which I though you had since you referenced a database.

As otherwise there’s no way to reach the gamer’s PC (ignoring opening holes in the firewall and leaking the streamers IP address and the fact you need a SSL Cert)