Translate Ideas and Comments
Choose language:
There was an error during translation

Developers

Categories

JUMP TO ANOTHER FORUM

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Imagine the following attack for the OAuth 2.0 authorization flow:

    1. Attacker steals the authorization code from the redirect URI.
    2. Attacker forces his instance of the client to redeem the victim's authorization code.
    3. If the attacker's instance of the client is faster than the victim's instance of the client in redeeming the authorization code, the attacker will get a valid login session within his instance of the client, but for the victim's account.

    This attack should especially get attention in the context of Twitch and live streaming, since many streamers are definitely not aware of this vulnerability: If people are logging…

    17 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Investigating  ·  1 comment  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. The IRC gateway passes whispers using the WHISPER code:

    [16:36:15] [@] @badges=bits-charity/1;color=#3E2E18;display-name=foo;emotes=;message-id=2;thread-id=21001676_470220570;turbo=0;user-id=2109996;user-type= :foo!foo!foo.twitch.tv WHISPER myuser :this is a whisper
    

    But I am unable to find any reference to that code on https://dev.twitch.tv/docs/irc/commands where I would expect it, or any other documentation page under the "Chatbots and IRC" section.

    I would suggest adding the WHISPER command to the list of commands at the top of the page on the IRC: Commands section, something similar to:

    WHISPER Receive a Whisper message from another user

    and then the prototype at the bottom, to include the fact that it appears the WHISPER command is…

    13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Investigating  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. https://dev.twitch.tv/docs/extensions/reference/#send-extension-pubsub-message

    The docs say Valid values: "broadcast", "global".

    But, the target 'whisper-opaqueId' to send "per user" pusub message is missing.

    13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Investigating  ·  1 comment  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Could you please add documentation about how the chat filters feature in web chat is implemented? Other chat client could really benefit from filtering those messages or highlighting them for moderators as suspicious behavior.

    To pin point the exact feature I provided screenshots from the official web browser chat:
    - in action: https://i.imgur.com/CfzMx0z.png
    - and the associated settings: https://i.imgur.com/8dYADBk.png

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. From: https://github.com/twitchdev/issues/issues/25

    Brief description

    https://dev.twitch.tv/docs/pubsub#topics

    PubSub documentation mentions the requirement to use an oAuth token, but doesn't directly specify which type of token, nor the requirement for the UserID of the token to match the UserID of the topic.

    Authentication
    All topics require an OAuth token, but only some topics have a specific required scope (noted in the table below).
    
    Available Topics
    All topics require an OAuth token, but only some topics have a specific required scope (noted in the table).
    

    Expected documentation

    Authentication
    All topics require a User Access OAuth token, where the UserID of the token matches the
    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  1 comment  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. 8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Please host the example code in an official Twitch organization on GitHub such as:
    https://github.com/TwitchDev
    https://github.com/twitchtv

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Investigating  ·  1 comment  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. From: https://github.com/twitchdev/issues/issues/68

    Docs location: https://dev.twitch.tv/docs/irc/msg-id

    bad_ban_global_mod & bad_timeout_global_mod are gone for as far as i know (ref: https://blog.twitch.tv/en/2018/12/13/thank-you-global-moderators-4d44cfccf22/)

    Missing notices for vip events (vip_success, unvip_success, no_vips, bad_vip_grantee_banned, bad_vip_grantee_already_vip, usage_vip & bad_unvip_grantee_not_vip Might have missed some.

    First line says "These tags apply to both the" and than only names one thing.

    usage_untimeout has "/raid <username>" in the message.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Both

    https://dev.twitch.tv/docs/api/reference#get-banned-events

    https://dev.twitch.tv/docs/api/reference#get-moderator-events

    Only hold only "data" for a finite time period.

    The documentation does not note the time period that data is retained and returned for.

    Hypetrains does not it's 5 days.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Web chat users got access to the new "replies" feature, where you can mark your message to be a reply of another message.

    My suggestion is to add official documentation on how third parties can use this feature (for sending messages and for parsing received messages to be a reply)

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Investigating  ·  1 comment  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. https://dev.twitch.tv/docs/irc#overview

    Row:
    client.connect();

    Should be replaced with:
    client.connect().catch((err) => {console.log('Connection error!', err)});
    or smth like that.

    Let's show users how to write good code, and show them, that all Promises should be handled. Unhandled promise rejections is bad!

    Tmi.js Library also have connect example which contain promise handling

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. This should say a secure website is required. Took me 2 hours to figure out what was wrong.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. https://dev.twitch.tv/docs/pubsub

    Has no examples or documentation for payloads for chatmoderatoractions

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. The example for using the CLI to test your handler shows a secret that looks like a 32-byte hexadecimal string. Actually the CLI interprets it as an ASCII string, so the example is actually passing a 64-byte string for the secret. I found this very misleading and it took me a bit of time to figure out why my code was not computing the correct HMAC until I realized that the format the CLI expects is ASCII string not hexadecimal string.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. So it seems that when a user is banned or timed out, extensions unload/are unavailable to those users.

    This is not documented.

    It should be documented somewhere

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. It should be more obvious that Twitch IRC: Commands needs the commands capability, Twitch IRC: Tags needs the tags capability, Membership page needs the membership capability.

    IE:

    Literally add a paragraph at the top to the effect of

    The Twitch IRC responses outlined on this page requires the connection to have requested the $whatever capability as outlined on the https://dev.twitch.tv/docs/irc/guide#twitch-irc-capabilities Capabilities section of the guide.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. 4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. The PRIVMSG Twitch Tags documententation

    https://dev.twitch.tv/docs/irc/tags#privmsg-twitch-tags

    says

        Information to replace text in the message with emote images. This can be empty. Syntax:
    <emote ID>:<first index>-<last index>,<another first index>-<another last index>/<another emote ID>:<first index>-<last index>...
    emote ID – The number to use in this URL:
    

    Due to channel point modifications, this is no longer true, as emote's are no longer always numbers, they can be xxxx_hf for example

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Investigating  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. From: https://github.com/twitchdev/issues/issues/59

    Brief description

    Mod Change and Channel ban Change events don't note the required oAuth scope needed for the topic

    https://dev.twitch.tv/docs/api/webhooks-reference#topic-moderator-change-events
    https://dev.twitch.tv/docs/api/webhooks-reference#topic-channel-ban-change-events

    Expected documentation

    Add, (similar to Topic: User Changed)

    Authentication
    User Access Token must have the `moderation:read` for the user in question
    

    Additional context or questions

    https://discuss.dev.twitch.tv/t/webhook-topic-for-channel-ban-change-events-and-moderator-change-events-doesnt-require-oauth-scope/24105

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    In Progress  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. The graphs on this page don't look right. The graph syntax is displaying, not the graph itself.

    %% Extensions Overview Diagram
    graph LR
        Twitch --> | - postMessage - | Extension
        Extension --> | - postMessage - | Twitch
        Extension --> | - HTTP - | APIs
        Extension --> | - HTTP - | EBS[Extension Backend]
        Identity --> Twitch
        Chat --> Twitch
        Memes --> Twitch
    
    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
← Previous 1 3 4 5 6 7
  • Don't see your idea?