"Failed obtaining twitch user profile" when using Twitch provider about bell HOT 4 CLOSED

I might've been mistaken to close this issue, since it's still happening.

This bug occurs because @hapi/bell is trying to get the OAuth profile details of the user trying to connect and fails.

And sure enough, it wasn't a bug, but a planned security measure, as seen in Twitch's dev forums :

Starting on May 1, 2020, Helix will require the following:

• Use of OAuth across all endpoints, either via an app access token or user access token.
• The client ID provided in the corresponding header must match the client ID used to generate the OAuth token.

The Client-ID header is required in all requests to their new Helix API; which is used for OAuth.
AFAIK, @hapi/bell doesn't have a mechanic inside the provider to add this header easily, since it's a user-defined parameter.

There is however, the possibility of using a custom provider with Twitch's provider settings. (which can be found here).
You need to add the Client-ID custom header to the headers object of the custom provider.

I got mine working using this code, keeping in mind that you need to replace all of the secrets with yours.

server.auth.strategy("twitch", "bell", {
    // twitch implementation is broken in @hapi/bell, Client-ID header must be included in each request
    provider: {
      name: "twitch",
      protocol: "oauth2",
      useParamsAuth: true,
      auth: "https://id.twitch.tv/oauth2/authorize",
      token: "https://id.twitch.tv/oauth2/token",
      headers: { 
        "Client-ID": process.env.TWITCH_CLIENT_ID,
      },
      scope: ["user:read:email"],
      scopeSeparator: " ",
      profile: async function (credentials, params, get) {
        const profileResponse = await get(
          "https://api.twitch.tv/helix/users",
          {}
        );
        credentials.profile = profileResponse.data[0];
      },
    },
    password: process.env.COOKIE_PASSWORD,
    clientId: process.env.TWITCH_CLIENT_ID,
    clientSecret: process.env.TWITCH_CLIENT_SECRET,
    isSecure: process.env.NODE_ENV === "production",
  });

This is a pretty bad quick fix to get it working.

Reopening this issue since it's now an implementation error and not Twitch's fault.

from bell.

It appears the bug was on Twitch's end. Closing.

from bell.

I have the same issue, what is happening?

from bell.

Oh thank you so much, I was reading for hours the reason for this problem and I didn't know that I could customize my provider

from bell.