justintv / Twitch-API

A home for details about our API
www.twitch.tv

Twitch Authentication not working #574

Open adriancretu opened 8 years ago

adriancretu commented 8 years ago

Hi. Starting from yesterday (or maybe a few days, not sure), the Twitch OAuth is broken for my users. It worked completely fine until then.

I am using a WebView inside an Android app, and my code intercepts the page's URL changes until it goes to the redirected URL which has the final access token.

Current behaviour: trying to login using the Authorization flow responds with a JSON instead of redirecting, like DOCUMENTED. This breaks the login.

Old behaviour: trying to login using the Authorization flow redirects to the correct page, with a URL containing the access token, etc.

Additionally, trying to login using Firefox on Windows using the same auth URL doesn't even work at all ("oops! unexpected error logging you in").

This is the second time I'm left with frustration regarding the Twitch login API. Please, guys, if you do breaking changes from one day to the next, at least document them or use a new API version, so old apps at least still work!!!!

adriancretu commented 8 years ago

Even if nobody seems to care, here is the fix anyway. By default, the Android WebView did not enable JavaScript on the auth page, for some reason. Without any warning anywhere, nothing. JSON responses were returned as new pages. But, I tested on an older device with a completely un-updated WebView or anything (aka, something that worked fine a while ago), and guess what? IT DID NOT WORK EITHER - so something was definitely changed on Twitch's side, unless somehow Android WebViews are magically updated overnight without any user interaction (which of course they aren't since they appear in Play Store as updates for some time now).

And the dirty fix: webView.getSettings().setJavaScriptEnabled(true) (which exhibits a security warning that it shouldn't be turned on, but whatever at this point...)
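An added example, not part of the original thread or of Twitch's documentation: one way to keep JavaScript enabled for the login page while confining what the WebView can reach, and to pull the token out of the intercepted redirect. The class name `OAuthWebViewGuard`, its `Callback` interface, the host allowlist, the redirect URI and the `#access_token=...&state=...` fragment layout are assumptions to adapt to the app's registered values.

```java
import android.net.Uri;
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.util.Objects;
import java.util.Set;

/** Hypothetical helper (not from the thread): JavaScript on, everything else locked down. */
public final class OAuthWebViewGuard extends WebViewClient {
    public interface Callback { void onToken(String token); void onRejected(Uri uri); }
    private final Set<String> allowedHosts; // assumption: HTTPS hosts the login page needs
    private final Uri redirectUri;          // assumption: redirect URI registered for the app
    private final String expectedState;     // random per-login value sent as "state"
    private final Callback callback;
    public OAuthWebViewGuard(Set<String> allowedHosts, Uri redirectUri, String expectedState, Callback callback) {
        this.allowedHosts = allowedHosts;
        this.redirectUri = redirectUri;
        this.expectedState = expectedState;
        this.callback = callback;
    }

    public void attach(WebView webView) {
        webView.getSettings().setJavaScriptEnabled(true);   // required by the login page
        webView.getSettings().setAllowFileAccess(false);    // no file:// reads from page script
        webView.getSettings().setAllowContentAccess(false); // no content:// reads either
        webView.setWebViewClient(this);                     // and no addJavascriptInterface() bridge
    }

    @Override // WebResourceRequest overload: API 24+
    public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
        Uri uri = request.getUrl();
        if (matchesRedirect(uri)) {
            // Assumed implicit-grant response shape: #access_token=...&state=...
            Uri p = Uri.parse("https://localhost/?" + uri.getEncodedFragment());
            String token = p.getQueryParameter("access_token");
            boolean ok = token != null && expectedState.equals(p.getQueryParameter("state"));
            if (ok) callback.onToken(token); else callback.onRejected(uri);
            return true; // never load the redirect target in the WebView
        }
        boolean allowed = "https".equals(uri.getScheme())
            && uri.getHost() != null && allowedHosts.contains(uri.getHost());
        if (!allowed) callback.onRejected(uri);
        return !allowed; // true cancels the navigation
    }
    private boolean matchesRedirect(Uri uri) {
        return Objects.equals(uri.getScheme(), redirectUri.getScheme())
            && Objects.equals(uri.getHost(), redirectUri.getHost()) && Objects.equals(uri.getPath(), redirectUri.getPath());
    }
}
```

RFC 8252 recommends running native-app OAuth in the system browser (for example a Custom Tab) rather than an embedded WebView, which avoids needing these settings at all.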

DallasNChains commented 8 years ago

Is this working now? I had this report on the forums, but they're reporting it works now.

adriancretu commented 8 years ago

It works as long as the WebView has JavaScript enabled (which by default it doesn't). The problem was that the Twitch login page did not use JavaScript until the issue occurred, so the login worked even without that. A better approach would have been of course that the Twitch login page would still work when JavaScript is not enabled, like it did until this issue surfaced.

ghost commented 8 years ago

I suspect JavaScript being required is related to anti-botting measures, and I would be moderately surprised if noscript came back, but bots today can pretty trivially use JavaScript, so... shrug.

adriancretu commented 8 years ago

Sorry, what I meant by "it should work" was that at least if JS is disabled, it would display an error message instead of letting 3rd party devs spend countless hours trying to find out whatever broke with their auth, which worked the previous day... rendering JSON responses returned from XHR calls is not exactly the most intuitive hint.