Twitch Auth Setup

Note

If you already have your app's Client ID and Client Secret you don't need to register the app, etc... You can just fill them in below, choose your scopes, then hit the button.

I struggle with auth every time I make a Twitch bot. I set this up to make it easier. It uses a Client Id and Client Secret to get a set of scopes via the "Authorization Code Grant Flow"

The Steps (From Scratch)

  • Register a new app for your bot

  • Open the app management page from the Developer Console if you're not already there

  • Add an "OAuth Redirect URLs" entry with:

    https://www.alanwsmith.com/twitch-auth/page-2.html

  • Make sure to click the save button at the bottom of the page after adding the URL

  • Copy the app's Client ID and paste it here:

  • Generate a Client Secret for the app, put it in your password manager, then paste it here:

  • Choose the scopes you want

    (IRC Chatbots need channel:moderate, chat:edit, chat:read, whispers:edit, and whispers:read. All of those are selected here by default)

    (NOTE: If you selected everything it probably won't work.)

  • Click the button below. It will take you to a Twitch page where you'll be asked to login (if you aren't already) and Authorize the app (if you haven't already). After that it will redirect back to this site. If everything goes well you're Access Token and Refresh Token will be delivered.

Launch Page:
Notes

  • Do not just select every scope. Per the twitch page

    "An application must request only the scopes required by the APIs that their app calls. If you request more scopes than is required to support your app’s functionality, Twitch may suspend your application’s access to the Twitch API"

  • I'm not sure, but getting a new credential might wipe out any existing credentials you have.

  • This works as of Aug. 2023. Twitch has announced plans to change things so no guarantees on its longevity

  • This page does not send anything back to my server. But, I'm a random person on the internet. I encourage you to check the source to confirm that

  • It does, however, use localstorage to pass credentials to the second page. Those values get cleared by the do pass through that mechanism

  • The app Client Secret is only available to view/copy when it's first generated. Make sure to put it in your password manager

  • There's not a lot of error handling here. If something goes sideways you're kinda on your own.

Reference

Twitch Scopes

Reference

Register A Twitch App

Reference

Twitch Developer Console Apps Page

Reference

Twitch: Authorization Code Grant Flow

Reference

Authenticating with the Twitch IRC Server

Reference

Getting Started with Chat and Chatbots