30 results found
-
Please document optional OAuth 2.0 authorization flow parameter "nonce" Imagine the following attack for the OAuth 2.0 authorization flow:
- Attacker steals the authorization code from the redirect URI.
- Attacker forces his instance of the client to redeem the victim's authorization code.
- If the attacker's instance of the client is faster than the victim's instance of the client in redeeming the authorization code, the attacker will get a valid login session within his instance of the client, but for the victim's account.
This attack should especially get attention in the context of Twitch and live streaming, since many streamers are definitely not aware of this vulnerability: If people are logging…
18 votes -
Add existing IRC WHISPER command to IRC documentation The IRC gateway passes whispers using the WHISPER code:
[16:36:15] [@] @badges=bits-charity/1;color=#3E2E18;display-name=foo;emotes=;message-id=2;thread-id=21001676_470220570;turbo=0;user-id=2109996;user-type= :foo!foo!foo.twitch.tv WHISPER myuser :this is a whisperBut I am unable to find any reference to that code on https://dev.twitch.tv/docs/irc/commands where I would expect it, or any other documentation page under the "Chatbots and IRC" section.
I would suggest adding the WHISPER command to the list of commands at the top of the page on the IRC: Commands section, something similar to:
WHISPER Receive a Whisper message from another user
and then the prototype at the bottom, to include the fact that it appears the WHISPER command is…
15 votes -
Extension Pubsub Docs missing whisper targer. https://dev.twitch.tv/docs/extensions/reference/#send-extension-pubsub-message
The docs say Valid values: "broadcast", "global".
But, the target 'whisper-opaqueId' to send "per user" pusub message is missing.
14 votes -
Move GitHub repository to official Twitch organization Please host the example code in an official Twitch organization on GitHub such as:
https://github.com/TwitchDev
https://github.com/twitchtv8 votes -
Document API and IRC tags for replies Web chat users got access to the new "replies" feature, where you can mark your message to be a reply of another message.
My suggestion is to add official documentation on how third parties can use this feature (for sending messages and for parsing received messages to be a reply)
7 votes -
Emotes referred to as numbers, where this is no longer true The PRIVMSG Twitch Tags documententation
https://dev.twitch.tv/docs/irc/tags#privmsg-twitch-tags
says
Information to replace text in the message with emote images. This can be empty. Syntax: <emote ID>:<first index>-<last index>,<another first index>-<another last index>/<another emote ID>:<first index>-<last index>... emote ID – The number to use in this URL:Due to channel point modifications, this is no longer true, as emote's are no longer always numbers, they can be xxxx_hf for example
5 votes -
Update References to v5 API There are reference to V5 API here to get user and channel ID.
Combined with the GitHub Sample at https://github.com/twitchdev/pubsub-javascript-sample that is still using it this is very confusing to get to work.
Suggest to update the sample and this article to reference the helix APIs instead.4 votes -
Document how join and authentication limits apply to anonymous connections. https://dev.twitch.tv/docs/irc/guide#command--message-limits says:
- 20 authenticate attempts per 10 seconds per user (200 for verified bots)
- 20 join attempts per 10 seconds per user (2000 for verified bots)however it's unclear how these limits apply to anonymous connections. Is there no limit to join attempts at all when you have authenticated as an anonymous user? And do authentication attempts for anonymous users (NICK justinfan12345) count towards the rate limit?
4 votes -
anonsubgift, anonsubmysterygift, anongiftpaidupgrade are documented but never occur https://dev.twitch.tv/docs/irc/tags#usernotice-twitch-tags documents anonsubgift and anongiftpaidupgrade. I found this announcement post https://discuss.dev.twitch.tv/t/anonymous-sub-gifting-to-launch-11-15-launch-details/18683 saying that apparently it was temporarily disabled as a workaround. As far as I can tell to this day the workaround is used. The documentation should be updated to remove the originally planned but never put into service types, and instead document that anonymous gifts come from AnAnonymousGifter.
4 votes -
Remove jQuery from the GA Example The examples for Google Analytics suggest using jQuery. Which is extra bloat if an extension hasn't use jQuery to start with and can lead to confusion
4 votes -
Add a copy link icon to each section header Since the docs are so long, and each header has an ID you can link to, you should put a link icon that copies the link to clipboard for each header for easy sharing.
3 votes -
How to send a basic API GET request with ajax or postman Unhelpful page. I want to send an API request to test through Postman, but I do not understand what format to put it in. It is asking for an OAuth token, but that request does not mention anything about that. Very confusing.
3 votes -
Expand on V5 to Helix mappings the V5 scope 'user_read' is not listed here. In the migration document it suggests that that is equivalent to the helix scope user:read:email. Is that correct?
Is there a V5 scope that matches the new helix user:read:broadcast
3 votes -
Publish Official Typescript Typing's for all Data Models It would be very easy to build and design for if there were official typing for all data endpoints. The data between all the different API's for the same data isn't consistent, and with event sub, since it no longer relies on the underlying Helix endpoint, that data can now be different too. This will also mitigate typos on the docs which causes huge headaches when trying to code for API responses and the data not working, or missing fields. The typing can specify which fields are required and which are optional, so when designing your app, you can easily…
3 votes -
Inaccurate info in instrcutions It appears that the Glitch file has been changed! I couldn't get the !dice command to work, until i figured that the command had been changed to !d20 along with the number of sides changed to 20. Or maybe this was a ploy.... to help me understand coding better... Thanks!
3 votes -
Documentation is misleading The example and/or documentation of the "Channel Points Event Message" seem to be wrong/misleading, because the example reply does not match the structure of "Message Parameters: All Messages"
3 votes -
Fixed position or better visibility for important announcements As per a request from Barry, it would helpful if any flagged messages on a page were fixed or visible when loading a bookmarked section. For example, right now there is an important message on the API reference page about OAuth requirements for Helix, but if someone goes directly to https://dev.twitch.tv/docs/api/reference#get-streams, they will not see this message currently.
3 votes -
Document error responses https://dev.twitch.tv/docs/authentication/getting-tokens-oauth#oauth-client-credentials-flow
There's no information about error response and it doesn't seem to be fully compatible with RFC 6749 which means I can't find info about possible errors easily.
3 votes -
Put a link to the tutorial here Where's the link to the tutorial?
2 votes -
Fix AutoMod status doc - example curl request The example curl request here:
https://dev.twitch.tv/docs/api/reference#check-automod-status
Doesn't work.1) It needs a broadcasterid query param
2) It needs the content-type header (application/json)
3) I get a 500 error using the provided "userid"s in the post body, using other user_ids worksI spent more time than I care to admit figuring this out, so it seems like fixing this will probably hep somebody out in the future.
If these three things are fixed the call succeeds.
2 votes
- Don't see your idea?