The state string should be randomly generated and unique for each OAuth request. If this string doesn’t match the state string that you passed, ignore the response. The server returns this string to you in your redirect URI (see the state parameter in the fragment portion of the URI). You must URL encode the list.Īlthough optional, you are strongly encouraged to pass a state string to help prevent Cross-Site Request Forgery (CSRF) attacks. The APIs that you’re calling identify the scopes you must list. The access token is sent to this URI.Ī space-delimited list of scopes. Set to true to force the user to re-authorize your app’s access to their resources. This can be done via your application control logic or simply by adding an HTML hyperlink for a user to click if your service is a website (e.g. To get a user access token using the implicit grant flow, navigate a user to with the following query parameters that are appropriate for your application. This flow is meant for apps that don’t use a server, such as client-side JavaScript apps or mobile apps. NOTE Third-party apps that call the Twitch APIs and maintain an OAuth session must call the /validate endpoint to verify that the access token is still valid. This flow is meant for apps that only need an app access token. Use this flow if your app uses a server, can securely store a client secret, and can make server-to-server requests to the Twitch API. For example, use this flow if your app is a client-side JavaScript app or mobile app. Use this flow if your app does not use a server. If the APIs you’re calling require an OAuth app or user access token, use one of the following flows to get the token: Flow The simple difference between the two types of tokens is that a user access token lets you access a user’s sensitive data (with their permission) and an app access token lets you access their non-sensitive data only (and doesn’t require the user’s permission). The API’s reference content identifies the type of access token you’ll need. Depending on the resource you’re accessing, you’ll need a user access token or app access token. Twitch APIs require access tokens to access resources.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |