Arctic

Twitch

OAuth 2.0 provider for Twitch.

Also see the OAuth 2.0 guide.

Initialization

import { Twitch } from "arctic";

const twitch = new Twitch(clientId, clientSecret, redirectURI);

Create authorization URL

import { generateState } from "arctic";

const state = generateState();
const scopes = ["activity:write", "read"];
const url = twitch.createAuthorizationURL(state, scopes);

Validate authorization code

validateAuthorizationCode() will either return an OAuth2Tokens, or throw one of OAuth2RequestError, ArcticFetchError, or a standard Error (parse errors). Twitch returns an access token, the access token expiration, and a refresh token.

import { OAuth2RequestError, ArcticFetchError } from "arctic";

try {
	const tokens = await twitch.validateAuthorizationCode(code);
	const accessToken = tokens.accessToken();
	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
	const refreshToken = tokens.refreshToken();
} catch (e) {
	if (e instanceof OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
		const code = e.code;
		// ...
	}
	if (e instanceof ArcticFetchError) {
		// Failed to call `fetch()`
		const cause = e.cause;
		// ...
	}
	// Parse error
}

OpenID Connect

Use OpenID Connect with the openid scope to get the user's profile with an ID token or the userinfo endpoint. Arctic provides decodeIdToken() for decoding the token's payload.

Also see ID token claims.

const scopes = ["openid"];
const url = twitch.createAuthorizationURL(state, scopes);

import { decodeIdToken } from "arctic";

const tokens = await twitch.validateAuthorizationCode(code);
const idToken = tokens.idToken();
const claims = decodeIdToken(idToken);

const response = await fetch("https://id.twitch.tv/oauth2/userinfo", {
	headers: {
		Authorization: `Bearer ${accessToken}`
	}
});
const user = await response.json();

Refresh access tokens

Use refreshAccessToken() to get a new access token using a refresh token. Twitch returns the same values as during the authorization code validation. This method also returns OAuth2Tokens and throws the same errors as validateAuthorizationCode()

import { OAuth2RequestError, ArcticFetchError } from "arctic";

try {
	const tokens = await twitch.refreshAccessToken(refreshToken);
	const accessToken = tokens.accessToken();
	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
	const refreshToken = tokens.refreshToken();
} catch (e) {
	if (e instanceof OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
	}
	if (e instanceof ArcticFetchError) {
		// Failed to call `fetch()`
	}
	// Parse error
}

Get user profile

Use the /users endpoint without passing any arguments. The user:read:email scope is required to get the user's email from the endpoint.

const response = await fetch("https://api.twitch.tv/helix/users", {
	headers: {
		Authorization: `Bearer ${accessToken}`,
		"Client-Id": clientId
	}
});
const user = await response.json();