This asset allows you to easily implement a "Login with twitch" functionality which you can use to eighter authenticate a user for loggin into your game and/or to aquire tokens to be used against twitch's API. It supports the two major authentication methods "Implicit Grant" as well as "Authorization code Flow". The latter is supported locally (All-In-One) and also as a split strategy where the secret does not have to be deployed to the end user.
Asset Support & Review
We want to provide our customers with easy to use assets. If at some point you are struggling to achieve what you want related to our assets, feel freee to contact us! You can find the E-Mail-Address on the Unity Asset Store. Also all of our assets come with a PDF-File containing contact information (which we don't disclose in this online documentation for spam reasons) We aim to only create Five-Star-Assets so if anything doesn't worka s it should, tell us and give us a chance to fix it! We also would appreciate if you'd leave our asset a review once you got a bit used to it. Thank you in advance!
Documentation variants
Please note, that our asset always includes a Documentation.zip file containing an offline version of this documentation. This offline version is pinned to the version you downloaded, while the online version from our website always covers the latest version available. On the other hand we can add some notes and new textual documentation quickly to the online docs while the offline version will not be updated before the next release so we recommend using the online version of this documentation available at https://unityassets.firesplash-entertainment.com/twitchauth.
Available Flows
Implicit Grant Flow
This is the most secure flow. No credentials are leaked. If the user has disabled JavaScript or is using a script blocker (should be a rare case), he might not be able to login or need to manually change a char in the address bar after accepting the account link on twitch. Tokens aquired via this flow can not be refreshed, the user has to go through the flow again when he needs a new token.
Authorization Code Flows
This flow allows refreshing expired tokens without user intervention and also works with disabled JavaScript. To be able to aquire a token using this flow, you need to specify your application (client) secret somewhere, this depends on which variant you chose.
- See also
- https://dev.twitch.tv/docs/authentication/getting-tokens-oauth#authorization-code-grant-flow
Local only variant
In the local only variant, you need to include your application secret from the twitch developer dashboard in your build which is reverse-engineerable without requiring extensive knowledge. This is considered a bad practice and a security risk. If using this flow, you should at least use some obfuscation asset to make it harder to find the token. We generally recommend using the server assisted flow.
Server Assisted
This variant does not require to deliver the secret with your application, so it is much more secure. Instead, this method requires hosting a simple PHP-Script on a server or webspace. This said server should be SSL-enabled.
Quick Start Guide
Implementing our asset into your project is very straight forward and kept simple. After installing the package using the Unity Package Manager you should add the TwitchAuthenticationHelper component to a suitable (or new) GameObject. If you do only use implicit grant, the best optio would be your login manager or ui manager in the login scene. For any other method we recommend using a dedicated GameObject as you will likely want to use the AutoRefresh feature.
Your own code could look as simple as that:
Of course this asset supports a lot more (predefined scope sets, custom scope lists, token refreshing, tokens on demand, ...)
Example Client ID Warning
Please remember to put your own Client ID into the inspector! Do not - NEVER - use our Example ClientId for your own projects! This may stop working at any given time.
If the example does not work out of the box, please configure your own application accordingly instead.
