Struct ImplicitUserTokenBuilder

pub struct ImplicitUserTokenBuilder { /* private fields */ }

Builder for OAuth implicit code flow

See UserTokenBuilder for the OAuth authorization code flow (requires Client Secret, generally more secure)

Implementations

impl ImplicitUserTokenBuilder

pub fn new(client_id: ClientId, redirect_url: Url) -> ImplicitUserTokenBuilder

Create a ImplicitUserTokenBuilder

Notes

The redirect_url must be present, verbatim, on the Twitch Developer Console.

The url crate converts empty paths into “/” (such as https://example.com into https://example.com/), which means that you’ll need to add https://example.com/ to your redirect URIs (note the “trailing” slash) if you want to use an empty path.

To avoid this, use a path such as https://example.com/twitch/register or similar instead, where the url crate would not add a trailing /.

pub fn set_scopes(self, scopes: Vec<Scope>) -> Self

Add scopes to the request

pub fn add_scope(&mut self, scope: Scope)

Add a single scope to request

pub fn force_verify(self, b: bool) -> Self

Enable or disable function to make the user able to switch accounts if needed.

pub fn generate_url(&mut self) -> (Url, CsrfToken)

Generate the URL to request a token.

First step in the guide

pub fn csrf_is_valid(&self, csrf: &str) -> bool

Check if the CSRF is valid

pub async fn get_user_token<'a, C>( self, http_client: &'a C, state: Option<&str>, access_token: Option<&str>, error: Option<&str>, error_description: Option<&str>, ) -> Result<UserToken, ImplicitUserTokenExchangeError<<C as Client>::Error>>

where C: Client,

Available on crate feature client only.

Generate the code with the help of the hash.

You can skip this method and instead use the token in the hash directly with UserToken::from_existing(), but it’s provided here for convenience.

Last step in the guide

Example

When the user authenticates, they are sent to <redirecturl>#access_token=<access_token>&scope=<scopes, space (%20) separated>&state=<csrf state>&token_type=bearer

On failure, they are sent to

<redirect_url or first defined url in dev console>?error=<error type>&error_description=<error description>&state=<csrf state> Get the hash of the url with javascript.

document.location.hash.substr(1);

and send it to your client in what ever way convenient.

Provided below is an example of how to do it, no guarantees on the safety of this method.

<!DOCTYPE html>
<html>
<head>
<title>Authorization</title>
<meta name="ROBOTS" content="NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<script type="text/javascript">
<!--
function initiate() {
    var hash = document.location.hash.substr(1);
    document.getElementById("javascript").className = "";
    if (hash != null) {
            document.location.replace("/token?"+hash);
    }
    else {
        document.getElementById("javascript").innerHTML = "Error: Access Token not found";
    }
}
-->
</script>
<style type="text/css">
    body { text-align: center; background-color: #FFF; max-width: 500px; margin: auto; }
    noscript { color: red;  }
    .hide { display: none; }
</style>
</head>
<body onload="initiate()">
<h1>Authorization</h1>
<noscript>
    <p>This page requires <strong>JavaScript</strong> to get your token.
</noscript>
<p id="javascript" class="hide">
You should be redirected..
</p>
</body>
</html>

where /token? gives this function it’s corresponding arguments in query params

Make sure that /token removes the query from the history.

<!DOCTYPE html>
<html>
<head>
<title>Authorization Successful</title>
<meta name="ROBOTS" content="NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<script type="text/javascript">
<!--
function initiate() {
    //
    document.location.replace("/token_retrieved);
}
-->
</script>
<style type="text/css">
    body { text-align: center; background-color: #FFF; max-width: 500px; margin: auto; }
</style>
</head>
<body onload="initiate()">
<h1>Authorization Successful</h1>
</body>
</html>