I’m trying to set up Twitch login in my Swift application using the implicit grant flow for OAuth.
For this, I think the ASWebAuthenticationSession from Apple is the best choice to enable users to authenticate through the Twitch login page in my app.
However, I’m unsure about how to retrieve the access token after the login process. The documentation states that the token will be sent to the registered redirect URI. Should I use http://localhost as the redirect URL for my mobile app? I need some help to understand how to capture the token in my Swift code correctly.
Any advice on how to configure the redirect URI and handle the token would be greatly appreciated.
totally, use a custom scheme instead of localhost! something like yourapp://oauth added to your info.plist works. then when twitch sends the token, ASWebAuthenticationSession takes care of it. easy peasy!
I dealt with this exact problem last year when adding Twitch OAuth to my app. Skip custom schemes - use universal links instead. They’re more secure and work better. Set up a redirect URI like https://yourdomain.com/auth/twitch in your Twitch app settings, then configure the universal link in your iOS app. After ASWebAuthenticationSession finishes, grab the access token from the URL fragment using URLComponents. It’ll look like #access_token=your_token_here&token_type=bearer. Don’t forget to validate the token right away by hitting Twitch’s validation endpoint before you store it in keychain. This makes sure it’s legit.