This is a sample application that demonstrates how to build an ASP.NET MVC application that uses Twitch for authentication while also providing Twitch API access. The application assumes you are using Auth0 for Authentication and Authorization services. Auth0 offers a free tier that is perfect for hobby projects.
As long as you have the development dependencies installed, the application can be run on your bare metal machine.
- Clone the repository: `git clone https://github.com/NotMyself/twitch-auth.git`.
- Change directory into the cloned repository: `cd twitch-auth`.
- Temporarily change directory: `pushd src/app/`.
- Run the command `dotnet user-secrets set AUTH0_DOMAIN {auth0-tenant-domain}`.
- Run the command `dotnet user-secrets set AUTH0_CLIENT_ID {auth0-app-client-id}`.
- Run the command `dotnet user-secrets set AUTH0_CLIENT_SECRET {auth0-app-client-secret}`.
- Return to the root of the repository: `popd`.
- Run the command `dotnet run --project src/app` to start the application from the command line.
- Optionally, open in Visual Studio Code and run with the debugger.
First you need an Auth0 account.
- Create a free account with Auth0.
- Note your tenant name; you will need it in the next step.
First you will need to register an application with Twitch.
- Register a new application on the Twitch Developer Console.
- Use `https://YOUR_AUTH_TENANT_NAME.auth0.com/login/callback` for the OAuth Redirect URL.
- Use Application Integration as the Category.
- Note the Client ID and Client Secret; you will need them next.
Then, you need to create a new Application to use for OpenID Connect based authentication.
- From the Auth0 Dashboard, click the Create Application button.
- Name it Twitch Authentication, and select Regular Web Applications as the application type.
- Click the Create button.
- Select the Settings Tab.
- Store your Domain, Client ID, and Client Secret using the `dotnet user-secrets` commands above.
- Note: These are the values for `AUTH0_DOMAIN`, `AUTH0_CLIENT_ID`, and `AUTH0_CLIENT_SECRET`.
Then, create a Custom Social Connection for Twitch in Auth0.
- From the Auth0 Dashboard, select the Extensions menu item in the left hand nav.
- Install the Custom Social Connection extension.
- Enable the Twitch connection.
- Supply your Twitch application credentials.
- Ensure the Twitch Authentication application is allowed to use this connection on the Apps tab.
- Ensure authentication works by clicking the Try button.
Next, the access tokens issued to Auth0 by external Identity Providers are stored in the user profile, but they are not sent out to clients by default. A rule is needed to enrich the issued ID token with this data.
Note: This is a shortcut method of building this functionality. It is somewhat secure because we are using a server-side rendered framework. Care should be taken to never leak these keys to the user's browser or devices directly.
- From the Auth0 Dashboard, select the Rules menu item in the left hand nav.
- Click the Create Rule button.
- Select the Empty Rule template.
- Name the rule Add IDP Access Tokens as Claims.
- Copy the contents of `src/rules/addIdpsRule.js` into the editor.
- Click the Save button.
Finally, the rule we created in the last section has a safeguard clause in line 6. It checks the client metadata for an opt-in flag that enables the rule. This is primarily used to ensure clients are not accidentally including IDP tokens in their ID tokens. Clients must opt in to the rule.
- From the Auth0 Dashboard, select the Applications menu item in the left hand nav.
- Select the Twitch Authentication application we created earlier.
- On the Settings tab, scroll down and select Show Advanced Settings.
- On the Application Metadata tab, add an `includeIdps` key with the value set to `true`.
- Click the Save Changes button.
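
To show how an opt-in guard of this kind behaves, here is an added sketch of a rule in the Auth0 Rules shape. It is not the contents of `src/rules/addIdpsRule.js`. The claim namespace, the function names, the claim naming scheme and the sample identities are assumptions made for illustration.

```javascript
// Added example: NOT the project's src/rules/addIdpsRule.js.
function addIdpAccessTokens(user, context, callback) {
  // Hypothetical namespace for the custom claims (an assumption).
  const namespace = 'https://example.com/idp/';

  // Safeguard: only applications that opted in through Application Metadata
  // (includeIdps = true) get IDP tokens. Auth0 stores metadata values as
  // strings, so compare against 'true'; a missing key means "off".
  const metadata = context.clientMetadata || {};
  if (String(metadata.includeIdps).toLowerCase() !== 'true') {
    return callback(null, user, context);
  }

  context.idToken = context.idToken || {};
  for (const identity of user.identities || []) {
    // Identities without an upstream token (e.g. database users) add nothing.
    if (!identity.access_token) continue;
    const claim = `${namespace}${identity.connection}_access_token`;
    context.idToken[claim] = identity.access_token;
  }
  return callback(null, user, context);
}

// Constructed sample input: one Twitch identity from a custom social
// connection and one database identity. Returns the resulting claims.
function runSample(clientMetadata) {
  const user = {
    identities: [
      { provider: 'oauth2', connection: 'twitch', access_token: 'constructed-twitch-token' },
      { provider: 'auth0', connection: 'Username-Password-Authentication' },
    ],
  };
  const context = { clientMetadata, idToken: {} };
  let claims;
  addIdpAccessTokens(user, context, (err, u, ctx) => { claims = ctx.idToken; });
  return claims;
}

console.log('opted in: ', runSample({ includeIdps: 'true' }));
console.log('no flag:  ', runSample({}));
console.log('flag off: ', runSample({ includeIdps: 'false' }));
```

Because the token ends up inside the ID token, the server-side application should read the claim and call the Twitch API itself rather than pass the ID token or the claim on to the browser.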