Improve API authentication #96

Open
mitchwadair opened this issue Apr 24, 2023 · 0 comments
@mitchwadair
Owner

The current design for API auth and sessions is very basic and definitely needs improvement. Consider not handling sessions at all, and verifying each request with Twitch instead.

For example, each API call should come in with a channel ID and an access token (currently, the session ID which expires after 5 mins of inactivity). In the new design, we should instead use the Twitch access token directly and verify that the access token matches the channel ID by verifying with Twitch.

This will create a challenge with refreshing the token after some time away from the UI, as the bot itself will refresh UATs itself. We will need to store a last known refresh token or something so the UI can properly refresh the token even after some time away.
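
The per-request check proposed in this issue, written against Twitch's token validation endpoint (`GET https://id.twitch.tv/oauth2/validate`). This is an added example, not code from the project; the function and parameter names, the client-ID check, and the `fakeTwitch` stub with its made-up tokens and IDs are assumptions.

```javascript
const VALIDATE_URL = "https://id.twitch.tv/oauth2/validate";

// Returns { ok: true, ... } only if Twitch confirms the token is live, was issued
// to our application, and belongs to the channel named in the request.
async function verifyChannelToken(channelId, accessToken, expectedClientId, fetchImpl = globalThis.fetch) {
  if (typeof channelId !== "string" || !/^\d+$/.test(channelId)) {
    return { ok: false, reason: "bad_channel_id" };
  }
  if (typeof accessToken !== "string" || accessToken.length === 0) {
    return { ok: false, reason: "missing_token" };
  }
  let res;
  try {
    res = await fetchImpl(VALIDATE_URL, { headers: { Authorization: `OAuth ${accessToken}` } });
  } catch {
    return { ok: false, reason: "twitch_unreachable" }; // fail closed, never fall back to trusting the caller
  }
  if (res.status === 401) return { ok: false, reason: "invalid_token" };
  if (!res.ok) return { ok: false, reason: "twitch_error" };
  const info = await res.json();
  // A token that does not identify a user cannot prove ownership of a channel.
  if (!info.user_id) return { ok: false, reason: "not_user_token" };
  // Assumption: tokens minted for a different application are rejected.
  if (info.client_id !== expectedClientId) return { ok: false, reason: "wrong_client" };
  if (String(info.user_id) !== channelId) return { ok: false, reason: "channel_mismatch" };
  return { ok: true, login: info.login, expiresIn: info.expires_in };
}

// Constructed stand-in for Twitch so the check runs offline; maps token -> validate response.
function fakeTwitch(tokens) {
  return async (_url, opts) => {
    const token = opts.headers.Authorization.replace(/^OAuth /, "");
    const body = tokens[token];
    return body
      ? { status: 200, ok: true, json: async () => body }
      : { status: 401, ok: false, json: async () => ({ status: 401, message: "invalid access token" }) };
  };
}
```

The channel ID supplied by the caller is never trusted on its own: it is only compared against the `user_id` Twitch returns for the token.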
