Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
components: remove follow+subscribe buttons
See #813 Twitch has decided to completely remove the endpoints for following and unfollowing channels on both their kraken and helix public APIs. Their reason for this is that there are follow-bots which are abusing the public APIs by mass-following channels or bots which have been created for harassing streamers who use follow alerts in their streams. Instead of implementing ways to prevent abuse of these endpoints, like for example rate-limiting create/delete requests, either for entire client-IDs (registered applications) or individual OAuth tokens (user logins in a registered application), and/or limiting follow and unfollow requests in quick succession, either by caching requests or by adding a time threshold based on the follow date, Twitch simply went the easy route and killed the entire system which regular 3rd party developers rely on. They are thus showing all these developers their middle finger. This is not a surprise, as Twitch has been actively neglecting their public APIs ever since they switched to the GraphQL-based one on their website. Past actions regarding the public APIs have shown this as well. For Streamlink Twitch GUI this unfortunately means that the buttons for following and unfollowing channels have to be removed, as there's no way of working around this API endpoint removal. Abusive follow-bots will however still be able to use the GraphQL API and work around the removal this way, but applications like this which operate entirely on the public APIs and where user logins are tied to the application's client-ID (which is limited to the public APIs) will not be able to switch to the private GraphQL API for re-implementing the follow buttons. The only possible way would be asking the user to copy their secret OAuth token from the dev-tools of their web browser after logging in on Twitch.tv, or writing an extension for every popular web browser out there which would do this on its own and asking the user to install it. The OAuth token from the GraphQL API could then be used as a secondary way to authenticate the user, so that they could follow channels again by using GraphQL API endpoints instead. Even following games would be possible again, because these endpoints were never added to kraken or helix and in the past only lived on Twitch's old private REST API (similar to kraken) which has been shut down years ago. All of this is however off the table, as it's way too inconvenient for the user and is also too much work to write and maintain. Not to mention that it would abuse Twitch's private API, which should be avoided. As a way to make the user still be able to follow and unfollow channels when using Streamlink Twitch GUI, a new button has been implemented which simply opens the channel page on Twitch.tv in the user's browser, like the subscribe button already did. Since it doesn't make much sense having two buttons which do the same thing, this commit therefore also removes the subscribe button. Both the follow and subscribe buttons have shared a mixin with logic for checking the followed/subsciption status of the user, so this has been removed as well. In case that the Twitch developers see that their idea of killing the API endpoints was a bad idea and didn't work out as expected (as abusive bots are still doing their thing), this change can simply be reverted, but this probably won't happen any time soon, or at all. There are suggestions on Twitch's feedback tracker to grant "approved" applications (client-IDs) or 3rd party developers (accounts with registered applications) access back to these API endpoints, but it is unclear whether Twitch will implement such an approval system or whether they choose a cheap workaround instead which doesn't fit into applications like Streamlink Twitch GUI and the like.
- Loading branch information
1 parent
27ee423
commit 402cab1