177 results found
-
Please document optional OAuth 2.0 authorization flow parameter "nonce" Imagine the following attack for the OAuth 2.0 authorization flow:
- Attacker steals the authorization code from the redirect URI.
- Attacker forces his instance of the client to redeem the victim's authorization code.
- If the attacker's instance of the client is faster than the victim's instance of the client in redeeming the authorization code, the attacker will get a valid login session within his instance of the client, but for the victim's account.
This attack should especially get attention in the context of Twitch and live streaming, since many streamers are definitely not aware of this vulnerability: If people are logging…
18 votes -
Add existing IRC WHISPER command to IRC documentation The IRC gateway passes whispers using the WHISPER code:
[16:36:15] [@] @badges=bits-charity/1;color=#3E2E18;display-name=foo;emotes=;message-id=2;thread-id=21001676_470220570;turbo=0;user-id=2109996;user-type= :foo!foo!foo.twitch.tv WHISPER myuser :this is a whisper
But I am unable to find any reference to that code on https://dev.twitch.tv/docs/irc/commands where I would expect it, or any other documentation page under the "Chatbots and IRC" section.
I would suggest adding the WHISPER command to the list of commands at the top of the page on the IRC: Commands section, something similar to:
WHISPER Receive a Whisper message from another user
and then the prototype at the bottom, to include the fact that it appears the WHISPER command is…
15 votes -
Extension Pubsub Docs missing whisper targer. https://dev.twitch.tv/docs/extensions/reference/#send-extension-pubsub-message
The docs say Valid values: "broadcast", "global".
But, the target 'whisper-opaqueId' to send "per user" pusub message is missing.
14 votes -
Add documentation about how the Chat Filters feature is implemented. Could you please add documentation about how the chat filters feature in web chat is implemented? Other chat client could really benefit from filtering those messages or highlighting them for moderators as suspicious behavior.
To pin point the exact feature I provided screenshots from the official web browser chat:
- in action: https://i.imgur.com/CfzMx0z.png
- and the associated settings: https://i.imgur.com/8dYADBk.png10 votes -
PubSub Docs don't mention Token Type From: https://github.com/twitchdev/issues/issues/25
Brief description
https://dev.twitch.tv/docs/pubsub#topics
PubSub documentation mentions the requirement to use an oAuth token, but doesn't directly specify which type of token, nor the requirement for the UserID of the token to match the UserID of the topic.
Authentication All topics require an OAuth token, but only some topics have a specific required scope (noted in the table below). Available Topics All topics require an OAuth token, but only some topics have a specific required scope (noted in the table).
Expected documentation
…Authentication All topics require a User Access OAuth token, where the UserID of the token matches the
10 votes -
Move GitHub repository to official Twitch organization Please host the example code in an official Twitch organization on GitHub such as:
https://github.com/TwitchDev
https://github.com/twitchtv8 votes -
Get Broadcaster Subscriptions Events From: https://github.com/twitchdev/issues/issues/8
Brief description
The subscription events API is documented as a Webhook topic. but not as a API Endpointhttps://dev.twitch.tv/docs/api/webhooks-reference#topic-subscription-events
It used to be in the documentation but is missing
Expected documentation
https://dev.twitch.tv/docs/api/reference#get-broadcaster-subscriptionsBut for
https://dev.twitch.tv/docs/api/reference#get-broadcaster-subscriptions-events8 votes -
Document API and IRC tags for replies Web chat users got access to the new "replies" feature, where you can mark your message to be a reply of another message.
My suggestion is to add official documentation on how third parties can use this feature (for sending messages and for parsing received messages to be a reply)
7 votes -
PubSub Topics: no moderator topic examples/documentation https://dev.twitch.tv/docs/pubsub
Has no examples or documentation for payloads for chatmoderatoractions
7 votes -
Fix TMI JS example with Promise handling https://dev.twitch.tv/docs/irc#overview
Row:
client.connect();Should be replaced with:
client.connect().catch((err) => {console.log('Connection error!', err)});
or smth like that.Let's show users how to write good code, and show them, that all Promises should be handled. Unhandled promise rejections is bad!
Tmi.js Library also have connect example which contain promise handling
7 votes -
msg-id tags page outdated/incorrect From: https://github.com/twitchdev/issues/issues/68
Docs location: https://dev.twitch.tv/docs/irc/msg-id
bad_ban_global_mod
&bad_timeout_global_mod
are gone for as far as i know (ref: https://blog.twitch.tv/en/2018/12/13/thank-you-global-moderators-4d44cfccf22/)Missing notices for vip events (
vip_success
,unvip_success
,no_vips
,bad_vip_grantee_banned
,bad_vip_grantee_already_vip
,usage_vip
&bad_unvip_grantee_not_vip
Might have missed some.First line says "These tags apply to both the" and than only names one thing.
usage_untimeout has "/raid <username>" in the message.
7 votes -
Data Retention for Banned Events and Moderator Events Both
https://dev.twitch.tv/docs/api/reference#get-banned-events
https://dev.twitch.tv/docs/api/reference#get-moderator-events
Only hold only "data" for a finite time period.
The documentation does not note the time period that data is retained and returned for.
Hypetrains does not it's 5 days.
6 votes -
Open Source Twitch Documentation Twitch has one of the most intelligent and tech savvy user bases of any product I can think of. If Twitch were to make their documentation source code Open Source, members of the community that are tech savvy enough will do your job for you.
I just went through the documentation when trying to figure out how to make my first banner and my first Video Player Banner. I am unaware of what a "Video Player Banner" as someone that does not normally watch much Twitch but is attempting to start to learn more about it.
As someone that works…
5 votes -
User banned extensions unload So it seems that when a user is banned or timed out, extensions unload/are unavailable to those users.
This is not documented.
It should be documented somewhere
5 votes -
Please add an example payload of a resubgift/anonresubgift to the PubSub docs I raised https://twitch.uservoice.com/forums/310213-developers/suggestions/41016568-context-resubgift-in-resub-events?tracking_code=8f96eb083a992136c313fb0ca1d79054 because I ctrl+f'ed for context as apposed to ctrl+f-ing for resubgift.
Please add an example for a resub/anonresubgift
5 votes -
Clarify secure website required This should say a secure website is required. Took me 2 hours to figure out what was wrong.
5 votes -
Emotes referred to as numbers, where this is no longer true The PRIVMSG Twitch Tags documententation
https://dev.twitch.tv/docs/irc/tags#privmsg-twitch-tags
says
Information to replace text in the message with emote images. This can be empty. Syntax: <emote ID>:<first index>-<last index>,<another first index>-<another last index>/<another emote ID>:<first index>-<last index>... emote ID – The number to use in this URL:
Due to channel point modifications, this is no longer true, as emote's are no longer always numbers, they can be xxxx_hf for example
5 votes -
Webhooks topic(s) don't note required oAuth From: https://github.com/twitchdev/issues/issues/59
Brief description
Mod Change and Channel ban Change events don't note the required oAuth scope needed for the topic
https://dev.twitch.tv/docs/api/webhooks-reference#topic-moderator-change-events
https://dev.twitch.tv/docs/api/webhooks-reference#topic-channel-ban-change-eventsExpected documentation
Add, (similar to
Topic: User Changed
)Authentication User Access Token must have the `moderation:read` for the user in question
Additional context or questions
5 votes -
Fix misleading example using CLI to test EventSub handler The example for using the CLI to test your handler shows a secret that looks like a 32-byte hexadecimal string. Actually the CLI interprets it as an ASCII string, so the example is actually passing a 64-byte string for the secret. I found this very misleading and it took me a bit of time to figure out why my code was not computing the correct HMAC until I realized that the format the CLI expects is ASCII string not hexadecimal string.
4 votes -
graph syntax not built on deploy The graphs on this page don't look right. The graph syntax is displaying, not the graph itself.
%% Extensions Overview Diagram graph LR Twitch --> | - postMessage - | Extension Extension --> | - postMessage - | Twitch Extension --> | - HTTP - | APIs Extension --> | - HTTP - | EBS[Extension Backend] Identity --> Twitch Chat --> Twitch Memes --> Twitch
4 votes
- Don't see your idea?