Twitch App Access Tokens can do MORE!

In the beginning App Access Tokens could just load public data, that didn’t need any oAuth scopes, from Twitch API. And so any given developers project had to maintain a user access token(s) for users of their application.

Then extensions were introduced, bundled in Extensions are Subscriber support, allowing extensions and their EBS to read a given viewers subscription status to a channel, outside of the Extension JS Helper function to check the status in client side code. That then leaves how does an Extension EBS (aka Backend Service) perform the same call (since you should never trust the client) to perform the same check.

And so Extension generated App Access Tokens, could call Get Broadcaster Subscriptions. The first endpoint that is scoped that an app access token could load on behalf of a user.

Since then various aspects of Twitch Developer Tools have come and gone, we lost WebSub, and we lost PubSub, and we lost both (over time) in favour of EventSub. There is a bunch of other stuff that happened but the important part here is that with the loss of PubSub, Eventsub achieved “featured parity” with PubSub and a number of other things introduced Chat over Eventsub.

EventSub

An Extensions ability to grant the ability for an app access token to call subscriber information is baked into the “install an extension” work flow.

An extension that offers the Subscription and Chat permissions (chat here has it's own endpoint using JWT), but subscriptions grant the power for app access tokens to be able to read.

But EventSub introduced the dual (or even triple) legged auth approach.

First a user will need to perform a user oAuth loop, either Implicit, Authorization Code, or DCF (Device Code Flow). This then creates a link between the user and the ClientID along with the scopes requested.

Combine that with the recently added Get Authorization By User endpoint to check what scopes your ClientID has to a given user, you can check permissions before trying to create EventSub Subscriptions for Webhooks or Conduits.

So for eventsub the pattern is:

  • Check the conditions and scopes needed for the EventSub Type/Topic
  • For the user’s in the condition get that user to user authenticate with the needed scopes
  • Generate an active app access token (if you don’t have one already)
  • Create the Subscription

As an aside you can use “user.authorization.grant” to easily monitor for new user authentications and create subscriptions as a follow up, if say your user token gen is air gapped from your Eventsub handler. This is a pattern I use on the IGDB Extension to monitor for authentications and create subscriptions to stream.online/offline and channel.update (which yes are public topics but become cost 0 _if_ the user is authenticate to the Client ID, and I use the user.authorization.revoke to unsubscribe since I only want to keep cost 0 subscriptions), becuase the IGDB Extension config page launches an implicit flow since I don’t need the user token ever I just need to auth so creating one with a refresh token is overkill, but I digress….

So that briefly is how EventSub dual legged auth operates.

Chat Over EventSub

Then along came Chat over Eventsub and a bunch of separate topics essentially providing IRC chat as a already JSON-ifed consumable feed.

This also came with Conduits and the ability for chat bots to scale to as many channels as needed, because the broadcaster auth’s the chatbot to be present on their channel. It is similar to how adding Discord Bot to a Discord Server works from a broadcaster point of view.

But chat over eventsub specified two user ID’s in the condition. (which yes can be the same ID but we’ll skip that for simplicity).

So first a developer would

  • Create a Client ID (generally owned by their own Twitch profile but the other of a Client ID is irrelevant, it’s always whom auths to the client that is important)
  • Create a Twitch account with the username of the bot they want to use
  • User Authenticate the bot to the Client ID with the relevant scopes
  • Then authentication any number of broadcasters to the Client ID
  • Now you can rejoin all channels with one API request (update shard), great for restarts or outages, as restart the websocket, call update shard, and then the bot is back in all rooms, no more slow roll rejoins or rate limit joins/etc.

So that is briefly the triple legged auth of chat over eventsub.

So What about App Access Tokens on the API?

Send Chat Message was introduced at the same time as chat over eventsub and is the first “proper” endpoint that worked with App Access Tokens following prior auth from the user(s) involved, (the broadcaster_id and sender_id)

This meant that for “general” operations a chat bot still needed to load and maintain either the broadcasters user token for Start Commercial for example, or the bots own token for Banning a User from chat.

So a bot would be juggling and maintaining up to three tokens,

  • A broadcasters token for broadcaster based operations
  • A bot token for doing moderation actions (for example), or sending chat
  • An app access token for subscription management (or sending chat)

But, now, as of yesterday! For the most part that is no more!

Well Spill the Beans then!

TWENTY ONE API endpoints now support this pattern of using an App Access Token after performing prior user(s) authentication(s). Look for the Beta tag under the Authorization section of each endpoint.

Here is the list:

Anything marked in bold with a * has additional scope requirements compared to the user token version, please check the docs, but I suspect your bot will likely already have obtained the scopes.

So now a chat bot broadly doesn’t need to maintain or even keep on file a user access token for itself or the broadcaster, as most general operations a bot is gonna do will work using the App Access Token. This also comes with the bonus that a user access code flow token is only good for 4 hours but an app access token is good for much longer. (Remember to utilise the Validate Token Endpoint to check time remaining on a token)

I’ll note that “Get Clips Download” supports this pattern, but that API was introduced with the pattern.

But a Sadness

However, the obvious missing endpoint that doesn’t support this pattern is Send Chat Announcement which I hope is supported soon, I think that’s the only one I need to token juggle for at the moment.

Summary

Thats it! Go forth an App Access Token! And hopefully more of the API will support this pattern over time!

If you need further help please join as over on the Twitch Dev Discord or Support Forums!

OBS 32.0.0 the one that will be pain (sorta)

Well OBS 32.0.0 is out, and it’s gonna be pain, but in a good way, wait is pain ever a good thing.

It’s similar pain to the OBS 28 to anything after 28 move but PAIN all the same.

Along with all the new shiny features, like FiniteSingularity’s Plugin Manager, theres a bunch of changes under the hood! And the “Streamer Important” of these changes are what this blog post is gonna blog post about!

You can go read the full change log, over on the Releases Page, new shiny features at the top!

OBS 32's Plugin Manager

Look at this AWESOME Plugin manager. (OBS on line 2? Well thats Logitech’s Plugin apparently… go figure)

So What Broke

So since I have a finger in a LOT of pies, not just on Twitch but other realms, all within Streaming space, I’ll pull OBS Beta’s as they come and start testing. (Curse past me for setting my Mac OBS to always grab the betas… but whatever)

So, I pulled down OBS 32.0.0 beta 1 and it crashed on Launch. Here is the GitHub report yeah in the OP I was blaming EVERYONE and their dog (not Finite’s Dog). Took some better knowing peeps to trace it down and at the time I was busy and couldn’t do my own tracing. (Was too busy OMGWUT-ing to “upstairs” with “please don’t let customers go to 32.0.0 just yet)

Beta 2 fixed the crash on launch issue. But the problem here was the Streamdeck Plugin calling something that was removed from OBS in 32.0.0, since under the hood changes are dropping support for some legacy/older plugin hooks (or so I believe), and the SD plugin was invoking that and the fault wasn’t “safe caught” leading to OBS to crash instead of skip plugin loading.

Elgato was informed and so they chimed in with a “we are on it“, praise be to Videophile.

OBS 32.0.0 is General Release

So OBS 32.0.0 is now “released to the masses”

Heres what you need to do step by step, these steps are valid for OBS 31.x.x but shouldn’t be different for Older OBS, if on OBS Portable HAVE FUN! But you should know what you are doing here if you are running portable anyway…

  1. “File” -> “Show Settings Folder”
  2. Take a copy of the folder “basic” your scenes and profiles are in here and you should routinely back this up. (sure this doesn’t backup media assets (images/videos) that your scenes use thats up to you to sort but will preserve file paths and the like)
  3. Close OBS
  4. Next to update Streamdeck, first check that Streamdeck itself is “recent” should be running at least Software Version 7.0.0. Hit the “Cog” -> “General” -> “Check for Updates”. (At time of writing V7.0.1 is available) this step may also do the next step for you.
  5. If Streamdeck has updated it’ll restart, next Hit the “Cog” -> “Plugins” -> Scroll to OBS Studio, “Check for Update”, anything newer than 2.2.8 and you should be good. (Current version is 2.2.9.9), side note: most plugins have auto update, but some plugins you installed before that was a thing won’t so check those manually if you want.
  6. Now Open OBS and let OBS update to 32.0.0 (do “Help” -> “Check for Updates” if not auto prompted)
  7. Away you go!
Streamdeck showing running version 7.0.0 - Build 22005
OBS Studio plugin for Streamdeck showing "outdated" 2.2.8

Other Plugins

After Restarting OBS into 32.0.0 you’ll want to check for and update any other plugins you use/consider important before you go live for the first time.

Notably ratwithacompiler has put out an update for the Closed Captions Plugin, that a lot of people use (and the one I recommend to people for adding CC’s to your streams), during the OBS 32.0.0 beta phases, to fix a similar fix to what Elgato has needed to do.

But everyone installs different plugins, and currently Plugin Management is manual and not all plugins with hint you need to update. (Why “currently” you say? Well the new Plugin Manager is going to be looking at hinting for updates I understand! YAY)

Aitum Multistream will for example, but I don’t think they have any updates at time of writing. Since it works fine under OBS 32.0.0, I just know it has a visible thang for “update available”.

Post Amble

Just doing my OBS updates, nice alert 😀 I know which ones I need to go and do now, but if you have other plugins make sure to check manually in case they didn’t get reported as not loading!

The End of Twitch PubSub

Finally Twitch EventSub is at feature parity with third party supported/documented PubSub, that the end of PubSub has been announced.

In a forum post over on Twitch Developers it has been announced the schedule for the shutdown of Twitch PubSub for access by third party developers.

The final death date is April 14th 2025.

Which I guess means it’s time for me to complete my own migration from PubSub to EventSub. Which at least is JUST ABOUT planned….

At least for 90% of what I need it’s ALL USERNOTICE as an EventSub topic, which is this case is channel.chat.notification and then whatever I choose to go with for consuming cheering.

So then for anything else I’ll need that doesn’t exist, either from it not existing in the first place OR a undocumented topic I might be using, off to uservoice I’ll go!

Off hand I think there is only one thing but we’ll see when I work on and complete my migration! The only other barrier is gonna be authentication but I have authentication or can get it for everything I need.

It is worth noting that Extension PubSub is unaffected, as that for the most part is a completely different system that just shares the same name.

Topic Migration notes

Edit: I guess I should add some notes about migration

PubSubEventSub
channel-bits-events-v1.<channel_id>channel.cheer or channel.chat.message
channel-bits-events-v2.<channel_id>channel.cheer or channel.chat.message
channel-bits-badge-unlocks.<channel_id>channel.chat.message – the bits_badge_tier
channel-points-channel-v1.<channel_id>channel.channel_points_custom_reward.add
channel.channel_points_automatic_reward_redemption.add
channel-subscribe-events-v1.<channel_id>channel.chat.notification is what I will use for my use case of overlay/on stream alerts. Other type segregated topics exist

This topic also includes raids and a bunch of other event types
automod-queue.<moderator_id>.<channel_id>automod.message.hold and automod.message.update
chat_moderator_actions.<user_id>.<channel_id>channel.moderate
low-trust-users.<channel_id>.<suspicious_user_id>channel.suspicious_user.update and channel.suspicious_user.message
user-moderation-notifications.<current_user_id>.<channel_id>channel.chat.user_message_hold
whispers.<user_id>user.whisper.message

This Post was updated on February 2nd for additional migration paths and adding a link to the new PubSub Migration guide

The First shutdown window is February 10th at 7pm UTC for an hour!

The Twitch Extensions Developer Rig is Dead

Or is it?

Preamble

Twitch decided to deprecate the Extension Developer Rig, which is fine, just about everything that the rig could do is avialable via the API now. You can read about the Deprecation on the Developer Forums.

The final thing that was API enabled was bits product management, which for a while was rig only, but is now available in the API and more recently in the developer console, so if you don’t want to write or use a tool, you can use the developer console instead.

You can read more about the Bits product management announcement over on the Twitch Developer Forums.

So What Now?

For those working with Twitch Extensions, you can either write you own tools to talk to various things via the API, such as the Config service or Bits product management or you can use a tool that someone else wrote such as my own Twitch Extension Tools. But that leaves out the one thing that the Rig can do but nothing else can, which is view testing.

View Testing

The optimal way, in my opinion, to do view testing is to get your Testing Base URI setup over SSL, either via using a real URL, or a reverse proxy tool such as NGROK.

But there are times where you don’t want to do that or just want to quickly test a video or component slot extension without going live, which is where the Rig comes in, you can test those sort of extensions without going live, or even by putting the “wrong” channel behind you extension (listen to Monstercat whilst working on your extension for example….)

The rig is still available for doing that sort of testing, but you may need to reimport/reopen a project or refresh the projects manifest into the rig, or you have started a new Extension and need to test.

That part of the rig is broken, you’ll hit the buttons and nothing will work as the API’s the Rig are trying to talk to just no longer work if they exist at all, to that end I devised a little tool to cover.

The Manifester

Presenting the Twitch DeveloperRig Manifester (not affiliated with Twitch naturally).

A Screenshot of the Manifester. It’s ok the userID is mine I can leak my ID all I want mom!

Which provides the following tools:

  • Import a Project, generate a new project file from an Extension and add it to the Developer Rig
  • Refresh Manifest, update an existing project file or change the active version,
  • Reopen Project, when you import an extension into the rig it generates a project file saving with it the views you made, you can then close the project in the rig, this file tool lets you reopen that project file and add it back to the rig.

Thats the three main things “broken” in the rig that can be replaced.

The other thing missing is “create a new extension and add it to the rig”, for that you need to use the developer console and then import to the rig via the Manifester.

Just remember to close the developer rig first before trying to use the manifester to do actions.

Notes

It’s a quick and simple Electron app licensed under WTFPL so go wild!

Summary

So, for helping with your Twitch Extension Development either:

  • write you own tools to interact with the API
  • use the Developer Console for bits product management
  • use a tool such my Twitch Extension Tools to talk to the various Extension related APIs
  • the Developer Rig Manifester to continue testing in the rig
  • test your extensions on the Twitch website with the testing base URI behind SSL (and don’t forget to have it in a subfolder to model hosted test and above best)
  • or any combination of the above

Twitch Extension Developer Tools

Around the time that Kraken was dying, I was doing something (I forget what, probably bits products), and found that the Twitch Developer Rig was totally hosed, since it was calling Kraken and hadn’t been patched. (It since has been but still being a little weird with some stuff with some of my Extensions, but I digress).

So I was like “screw it I’ll build my own tool with Blackjack and Hookers”.

So I went and built my own tool, it’s part “API testing tool” part “useful things for managing Extensions”. And released Open Source over on GitHub under the WTFPL aka – “Do What the F*ck you Want to Public License”.

Main reason for making a tool rather than a bunch of test scripts, was I wanted to easily store and recall my Extension Client ID’s Extension secrets, and easily generate App Access Tokens for the relevant API’s that needed.

So without further ado, you can find, download, use and abuse, the tool over on Github, or even PR a feature in https://github.com/barrycarlyon/twitch_extension_tools current Version is v1.1.3!

It should offer just about every “useful feature” from the Developer Rig, that there is a public API for, except for “Views” and “Start my servers for me”. For a easy summary of the Features Available, checkout the Readme on the GitHub!