Translate Ideas and Comments
Choose language:
There was an error during translation

Developers

Categories

JUMP TO ANOTHER FORUM

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Imagine the following attack for the OAuth 2.0 authorization flow:


    1. Attacker steals the authorization code from the redirect URI.

    2. Attacker forces his instance of the client to redeem the victim's authorization code.

    3. If the attacker's instance of the client is faster than the victim's instance of the client in redeeming the authorization code, the attacker will get a valid login session within his instance of the client, but for the victim's account.

    This attack should especially get attention in the context of Twitch and live streaming, since many streamers are definitely not aware of this vulnerability: If people are logging…

    13 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Investigating  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  2. https://dev.twitch.tv/docs/extensions/reference/#send-extension-pubsub-message

    The docs say Valid values: "broadcast", "global".

    But, the target 'whisper-opaqueId' to send "per user" pusub message is missing.

    10 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Investigating  ·  1 comment  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  3. Could you please add documentation about how the chat filters feature in web chat is implemented? Other chat client could really benefit from filtering those messages or highlighting them for moderators as suspicious behavior.

    To pin point the exact feature I provided screenshots from the official web browser chat:
    - in action: https://i.imgur.com/CfzMx0z.png
    - and the associated settings: https://i.imgur.com/8dYADBk.png

    7 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  4. The IRC gateway passes whispers using the WHISPER code:


    [16:36:15] [@] @badges=bits-charity/1;color=#3E2E18;display-name=foo;emotes=;message-id=2;thread-id=21001676_470220570;turbo=0;user-id=2109996;user-type= :foo!foo!foo.twitch.tv WHISPER myuser :this is a whisper

    But I am unable to find any reference to that code on https://dev.twitch.tv/docs/irc/commands where I would expect it, or any other documentation page under the "Chatbots and IRC" section.

    I would suggest adding the WHISPER command to the list of commands at the top of the page on the IRC: Commands section, something similar to:

    WHISPER Receive a Whisper message from another user

    and then the prototype at the bottom, to include the fact that it appears the WHISPER command is…

    7 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Investigating  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  5. This should say a secure website is required. Took me 2 hours to figure out what was wrong.

    5 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  6. https://dev.twitch.tv/docs/api/reference#get-moderators Under optional parameter for user_id the description says for users who are banned in this channel for the moderators endpoint.

    5 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    In Progress  ·  2 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  7. From: https://github.com/twitchdev/issues/issues/25

    Brief description

    https://dev.twitch.tv/docs/pubsub#topics

    PubSub documentation mentions the requirement to use an oAuth token, but doesn't directly specify which type of token, nor the requirement for the UserID of the token to match the UserID of the topic.

    Authentication
    
    All topics require an OAuth token, but only some topics have a specific required scope (noted in the table below).

    Available Topics
    All topics require an OAuth token, but only some topics have a specific required scope (noted in the table).

    Expected documentation

    Authentication
    
    All topics require a User Access OAuth token, where the UserID of the token matches the
    5 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  1 comment  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  8. 5 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  9. The actual docs states that "When you make a request with expired or incorrect authorization credentials, the API returns a WWW-Authenticate header (with an invalid_token error) and a 401 Unauthorized status", but the WWW-Authenticate header is not present in the response.

    Moreover the example shows a kraken endpoint.

    4 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  10. Both

    https://dev.twitch.tv/docs/api/reference#get-banned-events

    https://dev.twitch.tv/docs/api/reference#get-moderator-events

    Only hold only "data" for a finite time period.

    The documentation does not note the time period that data is retained and returned for.

    Hypetrains does not it's 5 days.

    4 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  11. It should be more obvious that Twitch IRC: Commands needs the commands capability, Twitch IRC: Tags needs the tags capability, Membership page needs the membership capability.

    IE:

    Literally add a paragraph at the top to the effect of

    The Twitch IRC responses outlined on this page requires the connection to have requested the $whatever capability as outlined on the https://dev.twitch.tv/docs/irc/guide#twitch-irc-capabilities Capabilities section of the guide.

    4 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  12. 4 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  13. https://dev.twitch.tv/docs/pubsub

    Has no examples or documentation for payloads for chatmoderatoractions

    4 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  14. https://dev.twitch.tv/docs/irc#overview

    Row:
    client.connect();

    Should be replaced with:
    client.connect().catch((err) => {console.log('Connection error!', err)});
    or smth like that.

    Let's show users how to write good code, and show them, that all Promises should be handled. Unhandled promise rejections is bad!

    Tmi.js Library also have connect example which contain promise handling

    4 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  15. From: https://github.com/twitchdev/issues/issues/68

    Docs location: https://dev.twitch.tv/docs/irc/msg-id

    bad_ban_global_mod & bad_timeout_global_mod are gone for as far as i know (ref: https://blog.twitch.tv/en/2018/12/13/thank-you-global-moderators-4d44cfccf22/)

    Missing notices for vip events (vip_success, unvip_success, no_vips, bad_vip_grantee_banned, bad_vip_grantee_already_vip, usage_vip & bad_unvip_grantee_not_vip Might have missed some.

    First line says "These tags apply to both the" and than only names one thing.

    usage_untimeout has "/raid <username>" in the message.

    4 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  16. From: https://github.com/twitchdev/issues/issues/59

    Brief description

    Mod Change and Channel ban Change events don't note the required oAuth scope needed for the topic

    https://dev.twitch.tv/docs/api/webhooks-reference#topic-moderator-change-events
    https://dev.twitch.tv/docs/api/webhooks-reference#topic-channel-ban-change-events

    Expected documentation

    Add, (similar to Topic: User Changed)

    Authentication
    
    User Access Token must have the `moderation:read` for the user in question

    Additional context or questions

    https://discuss.dev.twitch.tv/t/webhook-topic-for-channel-ban-change-events-and-moderator-change-events-doesnt-require-oauth-scope/24105

    4 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    In Progress  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  17. Declares that only broadcasterid and rewardid are required.

    A call to

    https://api.twitch.tv/helix/channelpoints/customrewards/redemptions?broadcasterid=10817445&rewardid=e28e55f3-9743-4365-840c-b4e2b82d386f

    results in

    {
    "error": "Bad Request",
    "status": 400,
    "message": "missing redemption status"
    }

    The documentation lists status as not required

    3 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  18. 3 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  19. The examples for Google Analytics suggest using jQuery. Which is extra bloat if an extension hasn't use jQuery to start with and can lead to confusion

    3 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Investigating  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  20. As per this other uservoice

    https://twitch.uservoice.com/forums/310213-developers/suggestions/39645769-moderator-actions-pubsub-topic-should-work-for-all

    The moderation actions PubSub at time of writing requires a key from the channel you wish to listen to with the scope channel:moderate

    However the scopes page

    https://dev.twitch.tv/docs/authentication/#scopes

    is mis leading as it only talks about how the scope works for chat leading to confusion with pubsub operation

    "Perform moderation actions in a channel. The user requesting the scope must be a moderator in the channel."

    The wording needs to be changed and/or the pubsub topic adjusted to support being able to read moderator events as a moderator

    3 votes
    Sign in Sign in with: OpenID Connect
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?