You'll first send the user to the Twitch authorization endpoint. This URL is made up of a the base authorization URL (
https://api.twitch.tv/kraken/oauth2/authorize) and query string parameters that define what you're requesting. The required parameters are
For the Authorization Code flow, the
response_type parameter is always set to
code. This signifies that you're requesting an authorization code from the Twitch API.
redirect_uri is where the user will be redirected after they approve the scopes your application requested. This must match what you registered on your Twitch account Connections page.
client_id is a unique identifier for your application. You can find your client ID on the Connections page, too.
scope defines what you have access to on behalf of the user. You should only request the minimum that you need for your application to function. You can find the list of scopes on the Twitch API GitHub.
state parameter is also supported to help protect against cross-site scripting attacks. The
state parameter will be included on the
redirect_uri when the user authorizes your application.
https://api.twitch.tv/kraken/oauth2/authorize ?response_type=code &client_id=[your client ID] &redirect_uri=[your registered redirect URI] &scope=[space separated list of scopes] &state=[your provided unique token]