Question about API tokens #371
Comments
|
Hope this can help you with a couple months old response. First off, when we request an access token, all required access scopes have to be specified when creating/requesting that access token. We can have, say 5 scopes, to create an Access Token, and use API calls under those 5 scopes with that same token. Twitch secured its platform with OAuth 2.0 authentication ids & tokens. To do anything automated with the platform requires an access token; sometimes broadcaster level tokens (meaning only the streamer's channel owns access to that content) or sometimes moderator level users (as in say a moderator level bot account in the streamer's channel). What you're specifying is one of the grant flows, and makes sense to me; but isn't necessary/alternative flows exist making it easier to manage. ** I currently have implemented an authentication process using a token generator: https://twitchapps.com/tokengen/, with the required scopes to generate a token expiring in 60 days (seemingly 7 days earlier for follower scopes). Then, I used the "TwitchLib.Client" to connect to a channel, which reports current users on bot connect, then reports every user joining and leaving channel. There is an api.Helix call to get channel chatters too, ** My aim is to allow the user to choose between they can manually refresh every 60 some days or let the app continually get a new access token after user sets it up first time. Although, Twitch also invalidates access/refresh tokens if a user changes their password (just saying, can make user have to reperform setup steps/get a new token). So, as I've read about the implicit grant flow, several of these calls are already coded in: https://github.com/TwitchLib/TwitchLib.Api/blob/master/TwitchLib.Api/Auth/Auth.cs Depending on which grant flow we use, the access tokens are single use then expire or can continue until expired. I'm looking at implicit grant flow where the user can register the app and get a client secret, can then get an Access Token and Refresh Token from Twitch servers, with an expiration time. The documentation states we perform API calls until a detected "401 unauthorized" error, meaning the token is invalid. Then, we use the "Refresh Token" to get another "Access Token", which returns a valid "Access Token" and a new "Refresh Token" for the next "Access Token". Some of the documentation seems off with other documentation (one saying periodically check token if valid & refresh as needed vs use it until it becomes invalid without checking); however, I also searched the Twitch forum and there are some details about using tokens. ** Let me know if you need more specific details. |
I feel like I'm going insane. In order to get a list of chatters and their user info (such as creation date, to filter out bots during a follower hate raid), I need to get an access token from the bot, use that to generate another token, add all the different scopes to it one by one, then that token is only valid for 4 hours and I have to regenerate it every time I want to use it using another token?
Is there any way I can just get a list of chatters in a channel I have moderation in without all this nonsense?
The text was updated successfully, but these errors were encountered: