So I am creating a website to learn some PHP/Javascript/HTML/CSS and so on and I ran into a problem to which I can't come up with a solution. So basically I have regular login form using PHP which uses POST to send the data and authenticate. I also want to integrate external Twitch.tv OAuth2 authentication.
By using normal PHP login I store my information inside PostgreSQL database using php. I want to do something similar using OAuth2. For example store Twitch.tv name as a username inside the database and token as a password.
The problem is that the external authentication I am using is based on their Javascript API and it stores the information inside the DOM storage which I found is unable to be access by using PHP. The redirect_uri with a token is also a fragment which can't be retrieved by PHP.
Should I just scrap the JS part and try doing it entirely in PHP?
Side question: I checked other website which also uses Twitch authentication and it uses these callback links "https://api.nightbot.tv/auth/twitch/callback?code=****". What exactly are these callbacks?
You should use redirects as you implied with JS frameworks. It works the same with Facebook. The redirects are used with a token. Usually you generate on your side a random token that you store in the session. Once the user logs in using the JS API, the API will redirect to a callback page (PHP in your case). In that page, you verify the token once (that you had passed and got back, must be the same), and also you get another token from the API to use with the API. At this point you can get the user information by querying the API using the API token. You get the user info from the API and then you can query your down DB at this point to log the user in etc. I hope this helps..