An Example / Reference Implementation of Twitch Authentication and Chat Message Handling.
This example is meant to help people understand more thoroughly how to handle Authentication with Twitch in an Application that is running in a trusted location (like the Developer's PC or a server served via localhost, such as a Dev environment).
Please make sure that you NEVER share your Client Secret or Tokens with ANYONE - they are passwords, so treat them as such.
For Apps you want to distribute, you will want to choose to run either with the implicit authentication flow (which is not utilized in this example) or let the user provide their own application details - the latter of which is a bit frowned upon, as the app technically is still made by a developer, not the end user, so the client_id used to generate a token should be identifying the developer.
To use the config file, rename it to config.json and modify the values accordingly, or create a new file.
- clientid - should be your Application's Client ID, which you can find on your dashboard. This is public and may be shared for the purposes of Implicit Authentication.
- secret - your Client Secret, also found on your dashboard. This is a Secret String you must not share publicly, ever.
- lasttoken - the last token the application used, stored so that it can be reused on the next startup.
- debug - true or false; prints some additional info to the console if you want to see what's happening.
- usertoken - whether or not to use a User Access Token instead of an Application Access Token. This is the main part of this example as it shows the difference between the two types and how to get each token - an Application Access Token generated by the Client Credentials Flow does not have any Scopes assigned to it and is not tied to a user. Thus, it cannot be used to sign in to chat or request private Info from the API. A User Access Token generated by the Authorization Code Flow, in contrast, is tied to a user and indicates the user's explicit consent to let the Developer / Application access certain privileged information, like signing in to chat and reading the messages the user receives.
While this example is implemented in Python, you can apply the concepts seen here with most other Programming languages - the key takeaways being that you can open a Browser to a specific Address so the user can authorize your app, after which their web browser sends a code back to your App, which listens on a socket, so your app can then exchange it for a token - or, if that is not an option, you can generate an App Access Token that does not require any user input, but is restricted in its capabilities.
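The flow described above, as an added example that is not this repository's own code: it builds the authorize URL, receives the redirect on a loopback-only listener, and prepares the token request for either flow. The `state` check, the redirect URI `http://localhost:3000`, the `chat:read` scope and all function names are assumptions of this example.

```python
import secrets
import urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer

AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize"
TOKEN_URL = "https://id.twitch.tv/oauth2/token"

def build_authorize_url(client_id, redirect_uri, scopes, state):
    """Address the browser is opened to; state ties the redirect to this request."""
    query = urllib.parse.urlencode({
        "client_id": client_id, "redirect_uri": redirect_uri,
        "response_type": "code", "scope": " ".join(scopes), "state": state})
    return f"{AUTHORIZE_URL}?{query}"

def parse_callback(path, expected_state):
    """Return the authorization code from the redirect path, or None if rejected."""
    params = urllib.parse.parse_qs(urllib.parse.urlparse(path).query)
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        return None  # redirect does not belong to the request this app started
    return params.get("code", [None])[0]

def token_request_body(client_id, secret, code=None, redirect_uri=None):
    """Form body to POST to TOKEN_URL: User token if a code is given, else App token."""
    body = {"client_id": client_id, "client_secret": secret}
    if code is None:
        body["grant_type"] = "client_credentials"
    else:
        body.update(grant_type="authorization_code", code=code, redirect_uri=redirect_uri)
    return urllib.parse.urlencode(body)

def make_listener(expected_state, port=0):
    """Loopback-only HTTP server; call handle_request() once to receive the redirect."""
    result = {}
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            result["code"] = parse_callback(self.path, expected_state)
            self.send_response(200 if result["code"] else 400)
            self.end_headers()
        def log_message(self, *args):
            pass  # the request line contains the code; keep it out of console logs
    return HTTPServer(("127.0.0.1", port), Handler), result

if __name__ == "__main__":
    state = secrets.token_urlsafe(32)  # fresh random value per authorization attempt
    print(build_authorize_url("YOUR_CLIENT_ID", "http://localhost:3000", ["chat:read"], state))
```

The body from `token_request_body` contains the Client Secret, so it belongs only in the POST to the token endpoint and never in logs or debug output.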
I hope this helps.
~Maren