search

nicklaw5 / helix

A Twitch Helix API client written in Go.
MIT License
243 stars 88 forks source link

How can I use current access token with ValidateToken? #56

Closed lornajane closed 4 years ago

lornajane commented 4 years ago

I have an app that runs while I'm streaming, using this library for Twitch integration (thanks!). I'd like to check if the access token is valid before making API calls, since it's quite likely that my token may expire so I can use the refresh token to update it in that case.

How can I get my current access token from the client in order to check if it is valid? Or is there a way to ask the method itself to use the current token rather than a provided one? Is this a feature that would be useful to others?

Scorfly commented 4 years ago

Hi !

https://dev.twitch.tv/docs/authentication

« App access tokens expire after about 60 days, so you should check that your app access token is valid by submitting a request to the validation endpoint (see Validating Requests). If your token has expired, generate a new one. »

If the token is expired, you need to regen a new one. You can only refresh valid token to postponed its expiration

As twitch documentation say, you can call https://id.twitch.tv/oauth2/validate to check if you token is valid

It seems to be done in helix.ValidateToken (in authentication.go)

lornajane commented 4 years ago

Thanks! (it's a user access token, I should have said that already). I get the access token, I add it to the client with client.SetUserAccessToken(). Should I also store it somewhere else as well so that I can check if the token is valid with client.ValidateToken(userAccessToken), since I have to supply the value again to that? I feel like I'm missing something, the client has the access token, it uses it to send other requests... can it help me by using the current access token and checking its validity?

Scorfly commented 4 years ago

the function take a token in parameter, you dont have to set it with SetUserAccessToken to test it

isValid, resp, err := helix.ValidateToken("your-user-access-token")

you will have information if its valid ( isValid boolean ) and details about it ( in the resp )

lornajane commented 4 years ago

So the required flow is:

I was hoping that the client might be able to use the copy of the access token value that it already had! I understand that I can pass as a parameter, my question is whether that is the only option. I was hoping to find a getter on the access_token, or an option for the client to re-use the value it already has, or allow me to access it.

nicklaw5 commented 4 years ago

Hi @lornajane. I stalked your GitHub profile and stumbled across your Twitch stream yesterday :smiley:

After watching you're vod, I can understand what you're wanting to do. You expect client.GetUserAccessToken() to return the currently set user access token, right?

As you already know, the client.GetUserAccessToken() accepts an authorization code to request an access token from Twitch. In retrospect, naming that method GetUserAccessToken is not great given you expect it to return the current access token.

What I propose we do is:

That would then allow you to do the following:

isValid, resp, err := client.ValidateToken(client.GetUserAccessToken())

Thoughts?

lornajane commented 4 years ago

I consider myself stalked :) That sounds great! It sounds like a really breaking change though ... I'd be equally happy with either:

Just tag me if there's a branch I should test or anything, I'm happy to help if I can!

nicklaw5 commented 4 years ago

@lornajane see #57

I've introduced the breaking change, which is fine because I intend to bump this project to a v1.0 release.

I have left the ValidateToken method unchanged as I can see that some people may not want to set the token on the client in order to validate it.

Feel free to test it or offer any suggested changes. Let me know if this resolves your issue.