I'm working on an WebGL/JavaScript based browser game that integrates with Twitch for a bunch of cool features. One of the things I want to do is allow players to sign up/login using their Twitch account.
I've gotten Twitch's OAuth login flow working already and I've set that up to use LoginWithCustomID() to automatically create a new PlayFab account behind the scenes. However, as far as I can tell, this API call is really intended for use on mobile platforms using some sort of UUID that isn't easy to guess or spoof. Obviously, in the case of Twitch, someone's Twitch username is public information and easy enough to figure out.
I'm wondering if there's any existing design pattern for implementing a secure login via a third party like Twitch that isn't already supported via a direct API call like Twitter and Facebook are. I've poked through the server APIs and CloudScript functionality and it seems like it might be possible, though non-trivial, to rig something up.
Anyone have experience with this?