Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Failed obtaining twitch user profile" when using Twitch provider #460

Closed
letectec opened this issue May 7, 2020 · 4 comments
Closed

"Failed obtaining twitch user profile" when using Twitch provider #460

letectec opened this issue May 7, 2020 · 4 comments
Labels
support Questions, discussions, and general support

Comments

@letectec
Copy link

letectec commented May 7, 2020

Support plan

  • which support plan is this issue covered by? (e.g. Community, Core, Plus, or Enterprise): Community
  • is this issue currently blocking your project? (yes/no): yes
  • is this issue affecting a production system? (yes/no): yes

Context

  • node version: tested on v12.16.3 and v14.2.0
  • module version with issue: 12.0.0
  • last module version without issue: 12.0.0
  • environment (e.g. node, browser, native): node
  • used with (e.g. hapi application, another framework, standalone, ...): hapi application
  • any other relevant information: Probably a change of the Twitch Helix API

What are you trying to achieve or the steps to reproduce?

When trying to authenticate a route using @hapi/bell on @hapi/hapi, instead of correctly authenticating the user, @hapi/bell returns an error: Failed obtaining twitch user profile.

To easily replicate this, you can setup the example from this repository and test the endpoint.
It will crash with the same error.

What was the result you got?

An error saying "Failed obtaining twitch user profile."

What result did you expect?

Authentication is successful.

@letectec letectec added the support Questions, discussions, and general support label May 7, 2020
@letectec
Copy link
Author

It appears the bug was on Twitch's end. Closing.

@AndresSp
Copy link

I have the same issue, what is happening?

@letectec
Copy link
Author

I might've been mistaken to close this issue, since it's still happening.

This bug occurs because @hapi/bell is trying to get the OAuth profile details of the user trying to connect and fails.

And sure enough, it wasn't a bug, but a planned security measure, as seen in Twitch's dev forums :

Starting on May 1, 2020, Helix will require the following:

  • Use of OAuth across all endpoints, either via an app access token or user access token.
  • The client ID provided in the corresponding header must match the client ID used to generate the OAuth token.

The Client-ID header is required in all requests to their new Helix API; which is used for OAuth.
AFAIK, @hapi/bell doesn't have a mechanic inside the provider to add this header easily, since it's a user-defined parameter.

There is however, the possibility of using a custom provider with Twitch's provider settings. (which can be found here).
You need to add the Client-ID custom header to the headers object of the custom provider.

I got mine working using this code, keeping in mind that you need to replace all of the secrets with yours.

server.auth.strategy("twitch", "bell", {
    // twitch implementation is broken in @hapi/bell, Client-ID header must be included in each request
    provider: {
      name: "twitch",
      protocol: "oauth2",
      useParamsAuth: true,
      auth: "https://id.twitch.tv/oauth2/authorize",
      token: "https://id.twitch.tv/oauth2/token",
      headers: { 
        "Client-ID": process.env.TWITCH_CLIENT_ID,
      },
      scope: ["user:read:email"],
      scopeSeparator: " ",
      profile: async function (credentials, params, get) {
        const profileResponse = await get(
          "https://api.twitch.tv/helix/users",
          {}
        );
        credentials.profile = profileResponse.data[0];
      },
    },
    password: process.env.COOKIE_PASSWORD,
    clientId: process.env.TWITCH_CLIENT_ID,
    clientSecret: process.env.TWITCH_CLIENT_SECRET,
    isSecure: process.env.NODE_ENV === "production",
  });

This is a pretty bad quick fix to get it working.

Reopening this issue since it's now an implementation error and not Twitch's fault.

@letectec letectec reopened this Aug 18, 2020
@AndresSp
Copy link

Oh thank you so much, I was reading for hours the reason for this problem and I didn't know that I could customize my provider

@letectec letectec closed this as not planned Won't fix, can't repro, duplicate, stale Nov 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
support Questions, discussions, and general support
Projects
None yet
Development

No branches or pull requests

2 participants