[Update] Added support for optional states that are managed inside the lib, and renamed some methods so it's clearer what they do. The [original] post below has not been updated to reflect this.
[Original]
General
BlushyFace.Twitch.Authentication is a lightweight C# .NET Core library that makes it easy to authenticate Twitch users using OAuth (OIDC is not implemented as I have no real use for it). A valid token with the required scope(s) is needed to use the various endpoints provided in BlushyFace.Twitch.API and the various chat features in BlushyFace.Twitch.Chat.
The BlushyFace.Twitch.Authentication lib looks like this:
Available methods
OAuth.OpenBrowserImplicitFlow(…); // opens a browser for implicit flow + redirect
OAuth.OpenBrowserAuthorizationFlow(…); // opens a browser for authorization flow + redirect
OAuth.GetTokenAppAccessAsync(…); // get an app access token
OAuth.GetTokenUserAccessAsync(…); // get a user access token
OAuth.ValidateTokenAsync(…); // validate an access token
OAuth.RefreshTokenAsync(…); // refresh an access token
OAuth.RevokeTokenAsync(…); // revoke an access token
Preparation
1) reference a compiled version of BlushyFace.Twitch.Authentication.dll in your C# project.
2) create a new instance of Settings and provide a valid client id, client secret and redirect URL (you can get these from dev.twitch.tv/console/apps)
3) pass the settings to a new Authenticate instance and use OAuth like this -> var oAuth = new Authenticate(settings).OAuth; (see below for code example)
4) you should now be ready to create / refresh / validate / revoke tokens.
var settings = new Settings()
{
    ClientId = "",
    ClientSecret = "",
    RedirectUrl = "http://localhost:8081/auth"
};
var oAuth = new Authenticate(settings).OAuth;
Note: for demonstration purposes the tests are run against a local HTTP server based on docs.microsoft.com/en-us/dotnet/api/system.net.httplistener?view=netcore-3.1
Implicit code flow
This generates a user access token that is valid for ~60 days and cannot be refreshed.
1) open the implicit flow with the default browser by doing -> oAuth.OpenBrowserImplicitFlow("scopes here");
2) after the user authenticates it returns the access token
3) to validate an implicit access token see further below for an example
Authorization code flow
This generates a user access token that is valid for ~4 hours and can be refreshed.
1) open the authorization flow with the default browser by doing -> oAuth.OpenBrowserAuthorizationFlow("scopes here");
1a) after the user authenticates, the browser is redirected back to the redirect URL and the local HTTP server exchanges the exchange code for a user access token like this:
if (qsPair.Equals("code"))
{
    var authToken = await oAuth.GetTokenUserAccessAsync(exchangeCode);
    var validationToken = await oAuth.ValidateTokenAsync(authToken.AccessToken);
    // rest of flow
}
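A check the local HTTP server could run on the redirect before it hands the code to GetTokenUserAccessAsync, written as an added example that is not the library's own code. CallbackCheck, NewState and TryGetCode are hypothetical names, and it assumes the caller generated the state value and sent it as the state parameter of the authorization request; how the library itself manages state is not shown in this post.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Added example, not part of BlushyFace.Twitch.Authentication; all names are hypothetical.
public static class CallbackCheck
{
    // Unguessable per-login value to send as the "state" parameter of the authorization request.
    public static string NewState()
    {
        var bytes = new byte[32];
        RandomNumberGenerator.Fill(bytes);
        return BitConverter.ToString(bytes).Replace("-", "");
    }

    // Returns the authorization code, or null (with a reason) when the redirect must be rejected.
    public static string TryGetCode(Uri redirect, string expectedState, out string reason)
    {
        var qs = HttpUtility.ParseQueryString(redirect.Query);
        string state = qs["state"];
        if (state == null || !SameBytes(state, expectedState)) { reason = "state mismatch"; return null; }
        if (qs["error"] != null) { reason = "provider returned error: " + qs["error"]; return null; }
        string code = qs["code"];
        if (string.IsNullOrEmpty(code)) { reason = "no code in redirect"; return null; }
        reason = null;
        return code;
    }

    // Constant-time comparison; returns false when the lengths differ.
    private static bool SameBytes(string a, string b) =>
        CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(a), Encoding.UTF8.GetBytes(b));
    public static void Main()
    {
        string state = NewState();
        // Constructed sample redirects against the redirect URL used in this post.
        var samples = new[]
        {
            "http://localhost:8081/auth?code=samplecode123&scope=&state=" + state, // accepted
            "http://localhost:8081/auth?code=samplecode123&state=forged",          // rejected: state mismatch
            "http://localhost:8081/auth?error=access_denied&state=" + state,       // rejected: user denied
        };
        foreach (var s in samples)
        {
            string code = TryGetCode(new Uri(s), state, out string reason);
            Console.WriteLine(code != null ? "accept, exchange code" : "reject: " + reason);
        }
    }
}
```

Only a redirect that passes TryGetCode should reach the token exchange; a rejected one is answered with an error page and the code is never sent to Twitch.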
Client credentials flow
This generates an app access token that is valid for ~60 days and can be refreshed.
1) get an app access token by -> await oAuth.GetTokenAppAccessAsync("scopes here");
Validating tokens
1) validating tokens is done by -> await oAuth.ValidateTokenAsync("access token here");
Refreshing tokens
Because tokens expire you can refresh them with a refresh token (implicit code flow does not have a refresh token).
1) refreshing tokens is done by -> await oAuth.RefreshTokenAsync("refresh token here");
Revoking tokens
1) revoking tokens can be done by -> await oAuth.RevokeTokenAsync("access token here");
1a) when successful a “200 OK” status code will be returned
Examples
– refresh an expired token
var token = await oAuth.ValidateTokenAsync("access token here");
if (token != null)
{
    if (token.ExpiresIn < DateTime.Now)
    {
        // refresh the expired token
        var refresh = await oAuth.RefreshTokenAsync("refresh token here");
        // validate the new token
        var validate = await oAuth.ValidateTokenAsync(refresh.AccessToken);
        // do other stuff here
    }
    else
    {
        // token is still valid
    }
}