46 results found
-
Search is missing from the Embed landing page https://dev.twitch.tv/docs/embed
is missing the docs search function top left/first item in the nav
4 votes -
Extension Pubsub Docs missing whisper targer. https://dev.twitch.tv/docs/extensions/reference/#send-extension-pubsub-message
The docs say Valid values: "broadcast", "global".
But, the target 'whisper-opaqueId' to send "per user" pusub message is missing.
14 votes -
Document error responses https://dev.twitch.tv/docs/authentication/getting-tokens-oauth#oauth-client-credentials-flow
There's no information about error response and it doesn't seem to be fully compatible with RFC 6749 which means I can't find info about possible errors easily.
3 votes -
Date/Version on docs In the dev docs, can you add an "Updated" field with the date of when the page was last updated, or what versions the doc works with? Trying as a newbie now, there's some stale info in here.
2 votes -
Extend Clips API to provide the MP4 url so editors can automate downloads If I have an oAuth that represents a User, where the User is either
- the broadcaster the clip is of
- an editor of the channel that the clip is of
- the user is the owner of the clip
And I make a request for a Clip as documented: https://dev.twitch.tv/docs/api/reference#get-clips
(but with the bearer naturally)
The JSON Response should include the direct link to the MP4 or an ability to download the Clip.
This is off the back of the removal/deprecation of some undocumented API's that I was using to get the MP4 URL for automated download for creation of clip…
340 votes -
Please document optional OAuth 2.0 authorization flow parameter "nonce" Imagine the following attack for the OAuth 2.0 authorization flow:
- Attacker steals the authorization code from the redirect URI.
- Attacker forces his instance of the client to redeem the victim's authorization code.
- If the attacker's instance of the client is faster than the victim's instance of the client in redeeming the authorization code, the attacker will get a valid login session within his instance of the client, but for the victim's account.
This attack should especially get attention in the context of Twitch and live streaming, since many streamers are definitely not aware of this vulnerability: If people are logging…
18 votes
- Don't see your idea?