Tachyon Auth
This package provides a client side implementation for login at Twitch. Presently, only the Device Code Flow (DCF) is supported.
There is a complementary package tachyon-auth-server
which provides
corresponding server side utils.
General Overview
Ultimately, login flows yield an auth-token
, which is used to authenticate
with services at Twitch. The auth-token
is stored via cookie and read by the
client and server.
We do not store a refresh token because tokens do not currently expire.
When making authenticated calls to GQL, the suggested error handling pattern for
applications is to clear the auth-token
storage and retry the request
unauthenticated if GQL returns a 403 Forbidden status code.
DCF
Here is an overview of the relevant interpol (backing service owned by Identity) endpoints.