Copy Subscription Support for channel moderation support in extensions
https://discuss.dev.twitch.tv/t/new-extension-policy-updates-including-a-moderation-section/24410/3
As noted for the new policy, we should prevent people banned/timed out from the channel, from submitting content.
Theres no way to do that without an extensions developer creating an external oAuth loop to request the relevant scopes from a broadcaster.
Duplicate the subscription scope capability to a the channel moderation scope to facilitate this policy being enforceable and negate the need for two sets of keys for each extension.
Policy 7.5 is being removed today as mentioned in our recent announcement. See the post for more information. We will close this suggestion since the functionality is no longer needed to comply with the removed policy. https://discuss.dev.twitch.tv/t/extension-policy-update-moderation/30215
-
rootfrogs commented
I put also a +1 here.
We don't have the OAuth loop implemented at all and need it now to comply with 7.5 just to get this simple "banned/notbanned" information.
I think most of the extension will stop working when the user is banned. So why not do it in this manner and give a option to "Deactivate extension when user is banned" and when you really like your extension also be usable from banned users the developer can do so by deactivate this option.
I mean when this is default on, all extensions automatically comply 7.5 without every developer has to handle this mechanism.
Refer: https://discuss.dev.twitch.tv/t/cannot-get-banned-users-forbidden-403/25876/4
-
modem commented
Would also like to put my +1 here.
I rewrote the authorization flow for my extension a while back from juggling user OAuth tokens to using these decorated app tokens. Subscription statuses was all I needed and it's much more convenient to let broadcasters toggle that feature in the centralized extensions permissions page.
Now I'm worried that having to re-implement the previous token generation system to adhere to the new moderation guidelines could be grossly inconvenient on both sides: I'll either have to rewrite the token platform again and roll the subscriptions scope back into it, or prompt users for authorization twice during installation.
-
BarryCarlyon commented
Additional use cases for duplicating "easy" access to "moderation:read"
Is for extension developers to
- Check for banned/timed out users (as per the new policy)
- Check input strings against auto mod for the channel https://dev.twitch.tv/docs/api/reference/#check-automod-status
- Easily look up moderators (Get Moderators) for control panels for an extension, that may live off the Twitch Platform for ease of use.This last point also means that moderator gated tooling doesn't have to be bundled into the frontend JS/HTML of an extension, which further removes an attack vector as the API the extension uses to talk to the EBS are not publically listed in the front end code.