Authenticate into Twitch API using a given token - oauth

i am currently searching for a way to login into the Twitch-API using an already given id-token (oauth or even better oidc) with or without a NodeJS backend.
Background: I am using firebase connecting to various services next to Twitch-API such as Youtube (Google API), Twitter and Co. I want to use my id-token for each service.
The official documentation doesn't tell if that is possible or maybe i just couldn't find it.
Hopefully there is a solution just not yet documented.
I will struggle with the same problem using the other services aswell.
Thanks alot

You absolutely would need to create your own OAuth token as it is tied to the same Client-ID as the account that generates it.
https://dev.twitch.tv/console
Authentication has it's own flow and endpoints with the way kraken v5 and helix work.
https://dev.twitch.tv/docs/authentication
With the latest changes to the API everything now requires both the Client-ID and OAuth before it will return the requested values.
https://discuss.dev.twitch.tv/t/requiring-oauth-for-helix-twitch-api-endpoints/23916

I'm not sure exactly what "id-token" is but i'm going with "twitch-user-id and access-token".
If you have a valid access token, you have access to whatever the scopes were defined when that token was generated, you can update the token with the refresh token if you need to.
You would need to supply the Client-ID of the application the token was generated for aswell.
Unless "id-token" is meant for a different system.

Related

How to authenticate with custom apis/microservices from using Twilio Flex SSO token

I have successfully enabled a plugin to work with Azure AD . And based on the documentation I can find, Twilio encourages the idea that if you wanted to communicate from React JS app to custom APIs , then you can do so. The problem I see is that Twilio sort of ignores the fact that when communicating to those APIs from the client app, authentication must be in place between custom apis and react plugin app
How are people unifying the authentication between the Auth that takes place at the UI later and subsequent requests that are mare to backend apis? Can we reuse the token?
Within the https://www.twilio.com/console/flex/users/single-sign-on I see
Does this mean OAuth support is coming? Where can I post this question to increase the likelyhood of receiving some indicators as to which protocols are going to be supported in the near future? If twilio flex team is in fact working on adding OAuth support, I would imagine it would only benefit them to let the community know, especially those with existing microservices and OAuth based flow already preconfigured.
Ive added a issue here hopefully to get some response on this question.
https://github.com/twilio/twilio-flex-token-validator/issues/13
Twilio developer evangelist here.
This is related to the SSO tokens used within Twilio Flex.
You can re-use the token to authenticate your plugin. To do so, you'll need to validate the token from your plugin. You can do this by sending the token to the https://iam.twilio.com/v1/Accounts/{AccountSid}/Tokens/validate endpoint.
This endpoint is currently undocumented and not available within the Twilio helper libraries, which is why you have found it hard to find guidance on this, but here's how you use it.
You need to make an authenticated POST request, using your account sid and auth token (or an API key and secret) to the URL: https://iam.twilio.com/v1/Accounts/{AccountSid}/Tokens/validate
The body of the request should be JSON and contain one key, token, with the value of your SSO token.
The result will be in JSON and if the token is valid will have a key of valid set to true. If it is not, there will be a message field you can read to find more information.
If you are using Node.js, you are in luck as there is a module you can install to do all of this for you; the twilio-flex-token-validator. For more detail on making calls to the validation endpoint, you can check the source code of twilio-flex-token-validator. There is also a tutorial on how to make calls to plugins from Flex that gets to securing the plugin about halfway through.
Sorry it took all of this to get to this answer and it's not the greatest answer. Please let me know if this helps and how you get on.

Need help Implementing OpenID connect/ OAuth2 flow using React-native, Spring Rest Api and ADFS 4.0

I have really hard time trying to understand mostly how should I implement my authorization flow. I think I have the authentication flow mostly correctly implemented using the technologies I've listed in the title. Here's what I want to achieve:
Basically I have a mobile app built using React-Native and I have made a restful API for this mobile app to use. I am currently at the point that I have implemented authentication using ADFS 4.0. My mobile app directly uses the ADFS endpoints to authenticate the user and I am able to receive the id_token and access token correctly from there. But here comes the part that I have no clue what to do next. Before I used openID, I had my own authentication and just an OAuth2 flow in my Spring REST Api and everytime I made a request from the mobile app to the API, I provided the access token in the headers, and used it to verify from the authorization server that the user is indeed authenticated and also received some crucial information about the user to use in my API. But now since I use OpenID-Connect and ADFS 4.0 for the authentication, I have the cruicial information I need in my API in the id_token. The question is, what exactly should i send to my API now from the mobile app, the id_token, access token or both? Given the access token to the userinfo endpoint at the ADFS returns the subject of the owner of the token. Like is there any way I could receive the users info using the subject or what exactly should I do. I've tried to research this subject a lot, but I am still very confused..
Send the access token to the API in the Bearer header. In the API, validate the token and, if required, do user info lookup. A Spring example of mine here if it helps.
Happy to answer any follow on questions ..

Validating token and secret retrieved through mobile in the server side

So I have an application that currently logs the user using linkedin. We are using several oauth services to register and login the user into our application, however we do need to validate the authentication in our own server to make sure any requests to our API are valid.
Currently the linkedIn SDK is not functional in our application due to minimum API level restrictions, so we are using a different library (LinkedIn-J), I am able to retrieve the user access token and secret, I cannot find any reference as to validate them in the server.
How can we go around to making this work? Is it even possible to achieve such a thing?
Thank you very much.
LinkedIn does not have a token validation endpoint. Your best bet is to make a simple non-destructive call like https://api.linkedin.com/v1/people/~ and watch the response to determine whether the token is still valid.

DotNetOpenAuth manual handling of authorized token

So I've got OpenID+OAuth hybrid working with DotNetOpenAuth when connecting to google. It gives me back a Authorized token so I need to exchange it for an access token.
I seem to be coming in about midway through a normal OAuth workflow in DotNetOpenAuth. I also seem to be missing somethings that DotNetOpenAuth wants like the the token secret and verifier. However according to the graph here I shouldn't need them.
Any ideas how to easily swap the auth token for an access token with DotNetOpenAuth?
Since you're talking about the OpenID+OAuth hybrid I expect you're writing a web app (as opposed to an installed app). DotNetOpenAuth should only be asking you for a verifier code if you're using the DesktopConsumer class, which is inappropriate for you. Use the WebConsumer class instead and the verifier will be taken care of for you. Swapping the request token for an access token will be automatic as you call the simple methods on WebConsumer, I hope.
As for the token secret, all token secrets are managed by your implementation of ITokenManager, which will save and retrieve token secrets on demand within your database.

Different Access token every time - using Google OAuth and Authlogic

Greetings!
I have some troubles enabling OAuth authentication for my web
application running on Ruby on Rails. I am using authlogic and
authlogic_oauth and that is, in the end, using OAuth gem and therefore
I decided to ask here. So shortly:
I succesfully "register" (i.e. obtain the first Access Token for the
user) but then, whenever I try to "login", I receive a differenct
access token for the same Google Account, the Authlogic-oauth plugin
fails to find the user and the login crashes. Maybe I don't understand
it right but is not the AT supposed to be the same every time. And can
it be a problem that I am accessing Google from http://localhost even
though the Customer keys are for different domain?
anyway, thanks for any reply ... I spend already 2 days with that
issue and debugging doesn't seems to lead me anywhere
Jakub
PS: I sent that question on Google Group oauth-ruby - sorry to anyone reading both channels
The AT is supposed to be different every time. OAuth is not an authentication protocol, it is an authorization delegation protocol. Try using OpenID instead: http://code.google.com/apis/accounts/docs/OpenID.html
Twitter does not give out different tokens which allows OAuth to be used as an authentication mechanism. LinkedIn doesn't do that meaning you may only use OAuth as an authorization protocol (which is what it was intended to do).
However, there is a useful API for pulling in data from LinkedIn. Of particular interest could be the Profile API.

Resources