Crates.io | twitch_oidc_fix |
lib.rs | twitch_oidc_fix |
version | 0.1.2 |
source | src |
created_at | 2022-07-18 15:15:15.407724 |
updated_at | 2022-07-18 21:27:46.832053 |
description | Fix twitch OIDC authorization, just a simple api binding. |
homepage | https://gitlab.com/kerkmann/twitch_oidc_fix |
repository | https://gitlab.com/kerkmann/twitch_oidc_fix |
max_upload_size | |
id | 627804 |
size | 2,395,643 |
TL;DR: Use Twitch for SSO (Single Sign On) or Generic OIDC Client, just a small bridge/middleware. :)
The Twitch-API can be a harsh place: the developers are not following the OAuth 2.0 Authorization standard (RFC6749). I'm using an SSO application like Keycloak or Authentik, but it was impossible to use the Twitch-API for SSO. One reason is the /token endpoint: the RFC says that the Access Token should contain scopes (which is a space separated list), but Twitch "is funny enough" to NOT follow RFC6749 and thinks "we could implement it differently", so the response is an array of strings... T.T
For fuck's sake ... Imagine there is a standard and your company is fighting against it... T.T
This route just redirects you to https://id.twitch.tv/oauth2/authorize, but it removes all scopes which are not supported. Authentik, for example, adds the profile and email scopes, which can't be removed and do not work with the Twitch API. So this middleware gets rid of them and redirects you.
The /token endpoint returns an access_token which contains all the scopes. Because Twitch is not following RFC6749, the middleware has to convert the string array from Twitch to the space separated list.
Same problem as in the /token endpoint, the scopes are causing problems.
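The two rewrites described above (dropping unsupported scopes before the /authorize redirect, and turning Twitch's scope array into the space separated string), as an added example in Rust using only the standard library. It is not the crate's own code: the function names and the SUPPORTED allowlist (a constructed subset of Twitch scopes) are assumptions, and the /token function takes the scope array already parsed from the JSON response.

```rust
// Added example (not the crate's code). SUPPORTED is a constructed subset of Twitch scopes.
const SUPPORTED: &[&str] = &["openid", "user:read:email"];

/// Decode application/x-www-form-urlencoded text: '+' is a space, %XX a byte.
fn form_decode(s: &str) -> String {
    let (b, mut out, mut i) = (s.as_bytes(), Vec::new(), 0);
    let hex = |j: usize| b.get(j).and_then(|c| (*c as char).to_digit(16)).map(|d| d as u8);
    while i < b.len() {
        match (b[i], hex(i + 1), hex(i + 2)) {
            (b'%', Some(h), Some(l)) => { out.push(h << 4 | l); i += 2; }
            (b'+', _, _) => out.push(b' '),
            (c, _, _) => out.push(c),
        }
        i += 1;
    }
    String::from_utf8_lossy(&out).into_owned()
}

/// Rebuild the /authorize query; `scope` is re-created from allowlist entries only.
fn twitch_authorize_url(query: &str) -> String {
    let mut pairs: Vec<String> = Vec::new();
    for pair in query.split('&').filter(|p| !p.is_empty()) {
        let (key, value) = pair.split_once('=').unwrap_or((pair, ""));
        if form_decode(key) != "scope" {
            pairs.push(pair.to_string()); // every other parameter passes through unchanged
            continue;
        }
        let mut kept: Vec<&str> = Vec::new();
        for s in form_decode(value).split(' ') {
            if let Some(k) = SUPPORTED.iter().find(|k| **k == s && !kept.contains(*k)) {
                kept.push(*k); // never echo the caller's bytes, only allowlist constants
            }
        }
        pairs.push(format!("scope={}", kept.join("+")));
    }
    format!("https://id.twitch.tv/oauth2/authorize?{}", pairs.join("&"))
}

/// /token side: join Twitch's scope array, refusing invalid scope-tokens (RFC 6749, 3.3).
fn scopes_to_string(scopes: &[&str]) -> Option<String> {
    let token = |c: u8| matches!(c, 0x21 | 0x23..=0x5B | 0x5D..=0x7E);
    let valid = scopes.iter().all(|s| !s.is_empty() && s.bytes().all(token));
    valid.then(|| scopes.join(" "))
}

fn main() {
    println!("{}", twitch_authorize_url("client_id=abc&scope=openid+profile+email"));
    println!("{:?}", scopes_to_string(&["openid", "user:read:email"]));
}
```

Decoding the parameter name before comparing it means a percent-encoded spelling of `scope` is filtered like the plain one.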
You can set the following environment variables:
- RUST_LOG (default: warn)
- HOST (default: 0.0.0.0)
- PORT (default: 8080)
- DEFAULT_CLAIMS_ID_TOKEN (default: picture,preferred_username,updated_at)
- DEFAULT_CLAIMS_USERINFO (default: picture,preferred_username,updated_at)

The claims can be set in the URL query, but you can also set a default value (which will be used if the query is not used). See Requesting Claims to understand what the claims are for.
```sh
docker run \
  -p 8080:8080 \
  -e RUST_LOG=info \
  -e DEFAULT_CLAIMS_ID_TOKEN="email,email_verified,picture,preferred_username,updated_at" \
  -e DEFAULT_CLAIMS_USERINFO="email,email_verified,picture,preferred_username,updated_at" \
  registry.gitlab.com/kerkmann/twitch_oidc_fix
```
```yaml
twitch_oidc_fix:
  image: registry.gitlab.com/kerkmann/twitch_oidc_fix
  restart: unless-stopped
  ports:
    - 8080:8080
  environment:
    - RUST_LOG=info
    - DEFAULT_CLAIMS_ID_TOKEN=email,email_verified,picture,preferred_username,updated_at
    - DEFAULT_CLAIMS_USERINFO=email,email_verified,picture,preferred_username,updated_at
```
You can build the binary instead:
```sh
git clone https://gitlab.com/kerkmann/twitch_oidc_fix
# cargo must run inside the cloned repository
cd twitch_oidc_fix
cargo build --release
```
or build it from crates.io:
```sh
cargo install twitch_oidc_fix
```
Or you just download the binary here
I am not affiliated, associated, authorized, endorsed by, or in any way officially connected with Twitch Interactive, Inc. in USA and/or other countries.