api
api copied to clipboard
Bungie-net
Feature Request: Add ability to set the redirect url per API Key
This is probably a distant future wishlist thing, but in order to use OAuth in a Twitch extension I have to have 2 production apps (one for the current version and one for legacy while the current version is getting approved) plus obviously the one I need for localhost development. The redirect url for the authorize page actually changes for every build I make because it includes an MD5 in the url.
It would be really cool to be able to specify the redirect URL as part of the individual API Key settings so I am only managing one app for all versions of my Twitch extension!
Is the MD5 hash in the URL a Twitch requirement? What does that hash encompass?
It's a hash of the uploaded zip file build. This is what the path to the extension files looks like:
https://{appId}.ext-twitch.tv/{appId}/{appVersion}/{md5Hash}/authorize.html
Each release of the extension is a new version, but every time you upload a new build to that version, it generates a new md5 hash. Some aspects of Twitch Extensions (ie mobile) require moving a version being tested into hosted test mode, which is basically their production environment and that requires a new zip build to be uploaded.
Interesting. Would wild card redirect URL solved the issue. For example, if you could type: https://appId.ext-twitch.tv/appId/appVersion/*/authorize.html?
What like being able to pass the md5 hash in the authorize url? I think if you could include the auth url as a return parameter and it matched against your app settings with wild cards for the appVersion and md5 hash, that would work too! ie
https://{appid}.ext-twitch.tv/{appId}/*/*/authorize.html
I think I am confused by the authorize page + redirect URL connection. Can you briefly describe how the Twitch auth page works together with Bungie.net oauth?
I am using the live config page of the extension (it shows up on the streamer’s dashboard while they are streaming) as the backend for retrieving all the streamers profile data from Bungie before broadcasting it to all the viewers via PubSub. The goal was to not have the extension tethered to a website/backend and keep it entirely standalone. So I need to authorize this page in order to retrieve the streamer’s private info. The job of the authorize page is to capture the auth code and store it temporarily in localStorage which the live config is watching. It then generates an auth token and removes the auth code.
Ahh, so the redirect URL is to the extension which keeps changing. BTW, we chose to not allow wildcards for the redirect URL because it is probably the most frequent vector in OAuth for abuse by hackers. What are the major hardships of having two production apps? I imagine users may be confused to see the two apps on their linked accounts page. What else?
3 out of my 10 apps (need one for development too) would be dedicated to the twitch extension. I am probably one of a few who have actually used up all their allocated app spaces though.
Having to manually editing the redirect url each time i upload a build for testing on production. The face the redirect field doesn’t wrap long urls onto a new line makes this a bit of a pain.
Good info, thank you! (And thank you Tetron for asking those follow up questions!)
I'll bring this idea up to folks!
@vthornheart-bng is TFS 850699 an internal bug? How can we raise the priority on it?
