@StoneyEagle
Last active March 29, 2024 18:34
Twitch Device Auth Flow for Postman

Logging in to the Twitch API with a Device Grant Flow.

  1. Register your bot/application at https://dev.twitch.tv/console/apps to acquire a client id and secret.
  2. Set the variables twitch-client-id and twitch-client-secret as secret variables in your Postman environment.
  3. Set the twitch-scopes variable as a regular variable and add every permission you think you need in a space-separated list.
    DON'T add every scope on planet earth; for safety reasons you want your token to be allowed to access only what you need.
  4. Send the Device request and click on the verification_uri you get from Twitch.
    Read and confirm the permissions Twitch shows you with due diligence!!
  5. Accept the request if everything is correct.
  6. Now you can send the Device Login request and receive the access_token and refresh_token, which you can use in the 'Token Refresh' and 'Token Validate' requests and in all your other API calls through the variables TWITCH_TOKEN and TWITCH_REFRESH_TOKEN.

You can use the test snippets to automate the token updates by putting the code in each of the test sections in Postman.

The Device request returns an expiration and an interval. You may automate re-checking for completion, but don't call Device Login more often than the interval specifies, or it will block the auth flow.
While the request is not completed you will get a 400 status with the message: authorization_pending
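
The polling rule above, sketched as an added example (not code from the gist): wait the `interval` from the Device request between Device Login calls, keep going while the reply is 400 `authorization_pending`, and stop once `expires_in` has passed. `sendDeviceLogin` and `sleep` are hypothetical caller-supplied helpers, and reading the text from a `message` field of the JSON body is an assumption.

```javascript
// Added example, not part of the gist. device_code, interval, expires_in,
// access_token and refresh_token are the fields the page names; the
// `message` field, sendDeviceLogin() and sleep() are assumptions.

// Decide what to do with one Device Login response.
function classifyPoll(status, body, nowMs, deadlineMs) {
  if (status === 200 && body && body.access_token) {
    return { action: "done", token: body.access_token, refresh: body.refresh_token };
  }
  const pending = status === 400 && body && body.message === "authorization_pending";
  // Any other error is final: retrying it would only burn polls.
  if (!pending) return { action: "fail", reason: `unexpected status ${status}` };
  // The device code is only valid for expires_in seconds.
  if (nowMs >= deadlineMs) return { action: "fail", reason: "device code expired" };
  return { action: "wait" };
}

// Poll Device Login no more often than the interval the Device request gave.
// sendDeviceLogin(deviceCode) must resolve to { status, body }.
async function pollDeviceLogin(device, sendDeviceLogin, sleep, now = Date.now) {
  const intervalMs = device.interval * 1000;
  const deadlineMs = now() + device.expires_in * 1000;
  for (;;) {
    await sleep(intervalMs); // wait first: the user still has to approve
    const { status, body } = await sendDeviceLogin(device.device_code);
    const step = classifyPoll(status, body, now(), deadlineMs);
    if (step.action !== "wait") return step; // never log step.token
  }
}
```
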

# Device Login: exchange the device code for an access token and refresh token
curl --location 'https://id.twitch.tv/oauth2/token' \
--form 'client_id="{{twitch-client-id}}"' \
--form 'scope="{{twitch-scopes}}"' \
--form 'device_code="{{TWITCH_DEVICE_CODE}}"' \
--form 'grant_type="urn:ietf:params:oauth:grant-type:device_code"'
Test
const response = pm.response.json();

if(response?.access_token){
	pm.globals.set("TWITCH_TOKEN", response.access_token);
	pm.globals.set("TWITCH_REFRESH_TOKEN", response.refresh_token);
}
# Device request: start the flow and obtain the device code and verification_uri
curl --location "https://id.twitch.tv/oauth2/device" \
--form 'client_id="{{twitch-client-id}}"' \
--form 'scopes="{{twitch-scopes}}"'
Test
const response = pm.response.json();

if(response?.device_code){
  pm.globals.set("TWITCH_DEVICE_CODE", response.device_code);
}
# Token Refresh: fields are sent URL-encoded so the body matches the Content-Type header
curl --location "https://id.twitch.tv/oauth2/token" \
--header "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token={{TWITCH_REFRESH_TOKEN}}' \
--data-urlencode 'client_id={{twitch-client-id}}' \
--data-urlencode 'client_secret={{twitch-client-secret}}'
Test
const response = pm.response.json();

if(response?.access_token){
  pm.globals.set("TWITCH_TOKEN", response.access_token);
}
# Token Validate: check that the current access token is still valid
curl --location "https://id.twitch.tv/oauth2/validate" \
--header "Authorization: Bearer {{TWITCH_TOKEN}}" \
--header "Client-Id: {{twitch-client-id}}"