Comments (4)
I might've been mistaken to close this issue, since it's still happening.
This bug occurs because @hapi/bell is trying to get the OAuth profile details of the user trying to connect and fails.
And sure enough, it wasn't a bug, but a planned security measure, as seen in Twitch's dev forums :
Starting on May 1, 2020, Helix will require the following:
- Use of OAuth across all endpoints, either via an app access token or user access token.
- The client ID provided in the corresponding header must match the client ID used to generate the OAuth token.
The Client-ID header is required in all requests to their new Helix API; which is used for OAuth.
AFAIK, @hapi/bell doesn't have a mechanic inside the provider to add this header easily, since it's a user-defined parameter.
There is however, the possibility of using a custom provider with Twitch's provider settings. (which can be found here).
You need to add the Client-ID custom header to the headers object of the custom provider.
I got mine working using this code, keeping in mind that you need to replace all of the secrets with yours.
server.auth.strategy("twitch", "bell", {
// twitch implementation is broken in @hapi/bell, Client-ID header must be included in each request
provider: {
name: "twitch",
protocol: "oauth2",
useParamsAuth: true,
auth: "https://id.twitch.tv/oauth2/authorize",
token: "https://id.twitch.tv/oauth2/token",
headers: {
"Client-ID": process.env.TWITCH_CLIENT_ID,
},
scope: ["user:read:email"],
scopeSeparator: " ",
profile: async function (credentials, params, get) {
const profileResponse = await get(
"https://api.twitch.tv/helix/users",
{}
);
credentials.profile = profileResponse.data[0];
},
},
password: process.env.COOKIE_PASSWORD,
clientId: process.env.TWITCH_CLIENT_ID,
clientSecret: process.env.TWITCH_CLIENT_SECRET,
isSecure: process.env.NODE_ENV === "production",
});
This is a pretty bad quick fix to get it working.
Reopening this issue since it's now an implementation error and not Twitch's fault.
from bell.
It appears the bug was on Twitch's end. Closing.
from bell.
I have the same issue, what is happening?
from bell.
Oh thank you so much, I was reading for hours the reason for this problem and I didn't know that I could customize my provider
from bell.
Related Issues (20)
- Support for idp with self signed certificates HOT 3
- Only node 12
- Require hapi 19
- Change plugin name to @hapi/bell
- Expose public API to refresh tokens HOT 2
- Replace Yahoo Social Directory Web Service HOT 2
- Issue with the meetup provider HOT 1
- Support functions for `provider.auth` and `provider.token` HOT 2
- Sign in with apple HOT 5
- Using for 3rd party tenants HOT 3
- docs: api page tutorial links to dead page HOT 1
- Improve the debugging experience when a payload is involved HOT 1
- Please document usage of local strategy
- Support client credentials as functions HOT 3
- Improve handling of rate limiting by Okta provider
- Add timeout configuration for requests
- Change callback path HOT 4
- Big cookie size
- Twitter auth no longer working HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bell.