📌 Configure Twitch API OAuth2 provider on a Spring Security app

twitch-oauth2-spring-security.md

📌 Configure Twitch API OAuth2 provider on a Spring Security app

tags: oauth2, twicth, api

Hi guys, I'm working on a SaaS to manage Twitch Clips of broadcasters:

• Create vertical Clips automatically for TikTok, Youtube Shorts, etc.
• Create compilation for clips to easily make best-of

So, I had to plug my Spring Security app into the Twitch OAuth2 provider and it was not easy...

How to do that?

Prerequisites

Before you begin, you need to have the following:

• A Twitch account and a registered app on the Twitch Developer Dashboard. If you don't have one, you can create a new app here.

• A Spring Security application. If you don't have one, you can follow these instructions to create a simple Spring Security app.

Step 1: Add the necessary dependencies

First, you need to add the following dependencies to your project's pom.xml file:

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>

<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-oauth2-client</artifactId>
</dependency>

<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-oauth2-jose</artifactId>
</dependency>

Step 2: Configure the OAuth2 client

Next, you need to configure the OAuth2 client by adding the following properties to your application.properties file:

spring.security.oauth2.client.provider.twitch.authorization-uri=https://id.twitch.tv/oauth2/authorize
spring.security.oauth2.client.provider.twitch.token-uri=https://id.twitch.tv/oauth2/token
spring.security.oauth2.client.provider.twitch.jwk-set-uri=https://id.twitch.tv/oauth2/keys
spring.security.oauth2.client.provider.twitch.user-info-uri=https://api.twitch.tv/helix/users
spring.security.oauth2.client.registration.twitch.client-id=<your-client-id>
spring.security.oauth2.client.registration.twitch.client-secret=<your-client-secret>
spring.security.oauth2.client.registration.twitch.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}

Replace <your-client-id> and <your-client-secret> with the client ID and client secret of your registered app on the Twitch Developer Dashboard.

Step 3: Configure the OAuth2 filter

To configure the OAuth2 filter, you need to create a WebSecurityConfigurerAdapter class and override the configure(HttpSecurity http) method. Add the following code to the method:

http.oauth2Login()
  .authorizationEndpoint()
    .baseUri("/oauth2/authorization/twitch")
  .and()
  .redirectionEndpoint()
    .baseUri("/oauth2/callback/*")
  .and()

🎉 Congratulations! 🎉

You have successfully configured the Twitch API OAuth2 provider on your Spring Security application.

🌟 Happy coding! 💻

Hello,
thanks for the compact compilation of the required information.
I needed to add adjust multiple lines:

spring.security.oauth2.client.provider.twitch.authorization-uri=https://id.twitch.tv/oauth2/authorize
spring.security.oauth2.client.provider.twitch.token-uri=https://id.twitch.tv/oauth2/token
spring.security.oauth2.client.provider.twitch.jwk-set-uri=https://id.twitch.tv/oauth2/keys
spring.security.oauth2.client.provider.twitch.user-info-uri=https://id.twitch.tv/oauth2/userinfo
spring.security.oauth2.client.provider.twitch.user-name-attribute=preferred_username

spring.security.oauth2.client.registration.twitch.provider=twitch
spring.security.oauth2.client.registration.twitch.client-id=
spring.security.oauth2.client.registration.twitch.client-secret=
spring.security.oauth2.client.registration.twitch.scope=
spring.security.oauth2.client.registration.twitch.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.twitch.redirect-uri={baseUrl}/{action}/oauth2/code/{registrationId}
spring.security.oauth2.client.registration.twitch.client-authentication-method=client_secret_post

I also currently try to implement twitch as provider but for some reason it looks like spring is not able to parse the response token correctly:
[invalid_token_response] An error occurred parsing the Access Token response: Unexpected type of JSON object member with key scope

Any idea what the problem could be?