Friday, May 30, 2014

Custom OAuth




UPDATE July 26, 2017: With additions and updates to twitch there are now more scopes possible when generating an OAuth, these new ones have been added per v5 of the TwitchAPI. Scopes are now sorted Alphabetically. chat_login scope is now an option instead of being included always.

If you are logged into Twitch/Justin an OAuth will be generated for that account. To ensure nothing goes wrong check
Twitch/Justin or simply go and logoff, you will be asked to login to the account you want to generate an OAuth for.

channel_check_subscription: Read access to check if a user is subscribed to your channel.
channel_commercial: Access to trigger commercials on channel.
channel_editor: Write access to channel metadata (game, status, etc).
channel_feed_edit: Add posts and reactions to a channel feed.
channel_feed_read: View a channel feed.
channel_read: Read access to non-public channel information, including email address and stream key.
channel_stream: Ability to reset a channel's stream key.
channel_subscriptions: Read access to all subscribers to your channel.
chat_login: Log into chat and send messages.
collections_edit: Manage a user’s collections (of videos).
communities_edit: Manage a user’s communities.
communities_moderate: Manage community moderators.
user_read: Read access to non-public user information, such as email address.
user_blocks_edit: Ability to ignore or unignore on behalf of a user.
user_blocks_read: Read access to a user's list of ignored users.
user_follows_edit: Access to manage a user's followed channels.
user_subscriptions: Read access to subscriptions of a user.
viewing_activity_read: Turn on Viewer Heartbeat Service ability to record user data.
openid: Use OpenID Connect authentication.



While working with the Twitch API I noticed that scopes are like the creditials an access card has. At first I figured any generated OAuth key should have complete access to my own room (channel) but I was sadly mistaken. An OAuth key must be generated with the specified creditials and this is absolute. So comes the next task, how do I go about generating OAuths with the proper/needed scope? The most common and known OAuth generator only generates OAuths for IRC login for chat with only the scope "chat_login". I thought is there a way to modify this generator so that it will request a new key with the added scopes. I looked on the documented page and it states that you can specify the scope in the URL. I went back to the generator and load and behold at the end of that URL was "&scope=chat_login". The TwitchAPI documentation says I can add scopes seperating them with a plus sign "+" and so I tested it. I changed the end of the url to "&scope=chat_login+channel_subscriptions" because getting subscription info was my main goal at the time. I pressed enter and it gave me a new OAuth. I checked the new OAuth with the twitchAPI to see if it had indeed the scope I needed.


If you look at line 14, as you can see the needed scope is indeed there. Mission accomplished lol. The next thing I wanted to do was make it easy for people to create their own custom OAuth key using the existing key generator. I do not know of an existing easy to use method of making custom OAuth keys and so made my own here.

Finally here is the code snippet of the OAuth customizer used here (HTML + JavaScript):