Twitch auth example

[Update] Added support for optional states that is managed inside the lib and renamed some methods so it’s more clear what they do but it is not updated in the [original] post below.

[Original]

General
BlushyFace.Twitch.Authentication is a lightweight C# .NET Core library that makes it easy to authenticate Twitch users using OAuth (OIDC not implemented as I have no real use for it). A valid token (+ required scope(s)) is required to use the various endpoints provided in BlushyFace.Twitch.API and various chat features in BlushyFace.Twitch.Chat

The BlushyFace.Twitch.Authentication lib looks like this:

Available methods
OAuth.OpenBrowserImplicitFlow(…); // opens a browser for implicit flow + redirect
OAuth.OpenBrowserAuthorizationFlow(…); // opens a browser for authorization flow + redirect
OAuth.GetTokenAppAccessAsync(..); // get an app access token
OAuth.GetTokenUserAccessAsync(..); // get a user access token
OAuth.ValidateTokenAsync(…); // validate an access token
OAuth.RefreshTokenAsync(…); // refresh an access token
OAuth.RevokeTokenAsync(…); // revoke an access token

Preparation
1) reference a compiled BlushyFace.Twitch.Authentication.dll version in your C# project.
2) create a new instance of Settings and provide a valid client id, client secret and redirect url (you can get this from dev.twitch.tv/console/apps)
3) pass the settings to a new Authenticate instance and use OAuth like this -> var oAuth = new Authenticate(settings).OAuth; (see below for code example)
4) you now should be ready now to create / refresh / validate / revoke tokens.

var settings = new Settings() { ClientId = "", ClientSecret = "", RedirectUrl = "http://localhost:8081/auth" };
var oAuth = new Authenticate(settings).OAuth;

Note: for demonstration purposes the tests are done running a local HTTP server based on docs.microsoft.com/en-us/dotnet/api/system.net.httplistener?view=netcore-3.1

Implicit code flow
This generates a user access token that is valid for ~60 days and cannot be refreshed.

1) open the implicit flow with the default browser by doing -> oAuth.OpenBrowserImplicitFlow(“scopes here”);
2) after the user authenticates it returns the access token
3) to validate an implicit access token see further below for an example

Authorization code flow
This generates a user access token that is valid for ~4 hours and can be refreshed.

1) open the authorization flow with the default browser by doing -> oAuth.OpenBrowserAuthorizationFlow(“scopes here”);
1a) after the user authenticates it redirects back to the redirect URL and the local HTTP server exchanges the exchange code to a user access token like this:

    if (qsPair.Equals("code"))
    {
        var authToken = await oAuth.GetTokenUserAccessAsync(exchangeCode);
        var validationToken = await oAuth.ValidateTokenAsync(authToken.AccessToken);
        // rest of flow
    }

Client credentials flow
This generates an app access token that is valid for ~60 days and can be refreshed.

1) get an app access token by -> await oAuth.GetTokenAppAccessAsync(“scopes here”);

Validating tokens
1) validating tokens is done by -> await oAuth.ValidateTokenAsync(“access token here”);

Refreshing tokens
Because tokens expire you can refresh them with a refresh token (implicit code flow does not have a refresh token).

1) refreshing tokens is done by -> await oAuth.RefreshTokenAsync(“refresh token here”);

Revoking tokens
1) revoking tokens can be done by -> await oAuth.RevokeTokenAsync(“access token here”);
1a) when successful a “200 OK” status code will be returned

Examples

– refresh an expired token

var token = await _oAuth.ValidateTokenAsync("access token here");
if (token != null)
{
    if (token.ExpiresIn < DateTime.Now)
    {
        // refresh the expired token
        var refresh = await oAuth.RefreshTokenAsync("refresh token here");

        // validate the new token
        var validate = await oAuth.ValidateTokenAsync(refresh.AccessToken);
        // do other stuff here
    }
    else
    {
        // token is still valid
    }
}