masterkain / omniauth-twitchtv

Twitch.TV OAuth2 Strategy for OmniAuth
https://audiobox.fm

Makes omniauth-twitchtv follow the server side omniauth 2.0 flow #1

Closed joeljackson closed 10 years ago

joeljackson commented 11 years ago

The authentication-token flow implemented initially in this gem doesn't work because the token is passed back in the URL hash that the server can't see.

masterkain commented 11 years ago

Thanks for the pull request. I had to use a hackish JavaScript workaround to make the code work with the version in the current repository. I tested this with a newly generated secret key; however, I'm not getting much data back from twitch.tv. At least the uid field should be present:

    06:15:25 web.1     | {
    06:15:25 web.1     |        "provider" => "twitchtv",
    06:15:25 web.1     |             "uid" => nil,
    06:15:25 web.1     |            "info" => {},
    06:15:25 web.1     |     "credentials" => {
    06:15:25 web.1     |           "token" => "xxxx",
    06:15:25 web.1     |         "expires" => false
    06:15:25 web.1     |     },
    06:15:25 web.1     |           "extra" => {}
    06:15:25 web.1     | }

Thoughts?

joeljackson commented 11 years ago

Justintv has sort of weird OAuth. You won't get back a uid, just a token which will both uniquely identify the user and provide access to perform actions within the scope you've requested on behalf of the user. You could recover the username in a subsequent call if desired. Sorry, I should have updated the readme/sample. My bad. Here is how we're using it to access stream_keys to allow users to stream from our in-game client:

in config/initializers/omniauth.rb:

    Rails.application.config.middleware.use OmniAuth::Builder do
      ...
      provider :twitchtv, TWITCHTV_KEY, TWITCHTV_SECRET, :scope => 'channel_read'
      ...
    end

in the omniauth endpoint:

    if current_db_user.authentications.twitchtv.blank?
      # First link: store the access token on a new authentication record
      authentication = current_db_user.authentications.twitchtv.create(:secret => request.env['omniauth.auth'][:credentials][:token])
      unless authentication.valid?
        flash[:alert] = I18n.t("errors.models.authentication.already_in_use")
      end
      track_ga_event('Social', 'Link', 'justintv')
    else
      # Already linked: replace the stored token with the new one
      authentication = current_db_user.authentications.twitchtv.first
      authentication.secret = request.env['omniauth.auth'][:credentials][:token]
      authentication.save
    end

then where we grab the stream_key:

    if authentication = current_db_user.authentications.twitchtv.first
      client = HTTPClient.new
      header = { 'Authorization' => "OAuth #{authentication.secret}" }
      result = JSON.parse(client.get("https://api.twitch.tv/kraken/channel", "", header).body)

      respond_with({
        :login => result["name"],
        :stream_key => result["stream_key"]
      }, :location => nil)
    else
      raise ActiveRecord::RecordNotFound
    end

masterkain commented 11 years ago

I see your point, please check this entry in the wiki to see which hash schema keys are required: https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema

There's no problem in making the authenticated call right in the strategy to return the required user info dictionary, usually in the callback_phase of the strategy.

https://github.com/masterkain/omniauth-twitchtv/blob/master/lib/omniauth/strategies/twitchtv.rb#L84
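
The approach described in the comment above, making one authenticated call and filling in the schema's required keys, sketched as an added example that is not part of the thread or the gem's code. `build_auth_hash`, `missing_schema_keys`, the `fetch_channel` callable and the sample body are hypothetical; using the login name as `uid` is an assumption, and `stream_key` is kept out of `extra` because auth hashes get logged.

```ruby
require 'json'

# Paths the OmniAuth Auth Hash Schema marks as required.
REQUIRED_PATHS = [%w[provider], %w[uid], %w[info name]].freeze
# Channel fields kept out of the auth hash, since auth hashes tend to be
# logged (as in the dump above) and stored in sessions.
SENSITIVE_FIELDS = %w[stream_key].freeze

# Constructed sample body for the channel call; only "name" and "stream_key"
# appear in the thread, and the values here are made up.
SAMPLE_BODY = '{"name":"example_user","stream_key":"live_CONSTRUCTED"}'.freeze

# The hash as logged in the thread (uid nil, info empty).
THREAD_HASH = { 'provider' => 'twitchtv', 'uid' => nil, 'info' => {},
                'credentials' => { 'token' => 'xxxx', 'expires' => false },
                'extra' => {} }.freeze

# Build an auth hash from the token plus one authenticated call.
# fetch_channel is a hypothetical callable standing in for the HTTP request;
# it receives the token and returns the JSON body as a string.
def build_auth_hash(token, fetch_channel)
  raw = JSON.parse(fetch_channel.call(token))
  safe = raw.reject { |key, _| SENSITIVE_FIELDS.include?(key) }
  {
    'provider'    => 'twitchtv',
    'uid'         => raw['name'], # assumption: login name doubles as uid
    'info'        => { 'name' => raw['name'], 'nickname' => raw['name'] },
    'credentials' => { 'token' => token, 'expires' => false },
    'extra'       => { 'raw_info' => safe }
  }
end

# Return the required schema paths that are missing or empty in auth.
def missing_schema_keys(auth)
  missing = REQUIRED_PATHS.select do |path|
    value = auth.dig(*path)
    value.nil? || value.to_s.empty?
  end
  missing.map { |path| path.join('.') }
end

if __FILE__ == $PROGRAM_NAME
  built = build_auth_hash('xxxx', ->(_token) { SAMPLE_BODY })
  puts "thread hash missing: #{missing_schema_keys(THREAD_HASH).inspect}"
  puts "built hash missing:  #{missing_schema_keys(built).inspect}"
  puts "stream_key exposed:  #{built.to_s.include?('live_CONSTRUCTED')}"
end
```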

joeljackson commented 11 years ago

Hmm, okay. I'll rework it.

masterkain commented 11 years ago

Thanks, going to test this today.

joeljackson commented 11 years ago

Actually, there's a little quirk depending on whether the user has a twitch account or a justintv account. I went back and forth with Twitch on the best way to deal with it, so it's not quite done.

I'll update it tonight.

masterkain commented 11 years ago

All right, don't forget to ignore the Sublime Text files, and perhaps give the .rvmrc a custom gemset such as @omniauth-twitchtv if you need it, or gitignore it as well.

Thanks!

hayksaakian commented 11 years ago

+1

masterkain commented 11 years ago

@joeljackson is there a URL pointing to the ongoing discussion with Twitch? I'd like to dig into the matter.