Currently to use either vMix Social, or in stream settings attempt to login with Twitch to automatically get an ingest and stream key, vMix currently uses the Authorization Code Flow.

The issue with that is for vMix Social you're entirely reliant on an external site, vmixcloud.com, as part of the OAuth specification for the Authorization Code flow is that it redirects the user to a redirect URI with a code, and then that app has to exchange the code for an Access Token and Refresh token. If there's issues with vmixcloud site, or routing between user and that domain, you can't connect to Twitch.

The issue within vMix on the Stream settings tab is that it redirects to the web controllers current port. If you don't have the web controller enabled, authentication fails. If you have the web controller on a different port than default, authentication fails. Even if vMix used vmixcloud for redirection that's again being reliant on an entire separate server being operational/reachable, and it means you're having to rely on that 3rd party for your Access Tokens.

vMix staff themselves have said Access Tokens aren't saved and aren't refreshed, meaning if you change stream key, or need to reconnect to Twitch Chat (or other topics) after a token expires you have to do the whole process all over again, and it would also block any further integration with Twitch that would need a valid Access Token to be maintained client-side.

The appropriate OAuth flow for vMix and vMix social is the Device Code Flow (DCF) https://dev.twitch.tv/docs/authentication/getting-tokens-oauth/#device-code-grant-flow

DCF allows vMix and vMix social to obtain an Access Token and Refresh Token entirely on within the vMix/vMix Social client, which means:

• Doesn't require any Redirect. Will work regardless of Web Controller being on a different port, or even if it's disabled
  
• Doesn't require any 3rd party servers, such as vmixcloud.com
  
• All Access Tokens and Refresh Tokens are stored and handled entirely between vMix/vMix Social client on the users system, and Twitch. No 3rd party servers
  
• Tokens can be refreshed by the client themselves, ensure the user will not have to re-authenticate if a token expires
  
• As tokens can be appropriately refreshed, any changes to stream key or username can easily be updated without needing to re-authenticate
  
• More services can easily be integrated with, such as vMix being able to get and update Twitch channel title, viewer counts, follower counts, sub counts, and so much more that can't be done if access tokens aren't properly handled
  

DCF is the recommend OAuth flow for client-side apps, it's even what Twitch themselves integrate in their Game Engine Plugin as when you're doing things entirely client-side like vMix and vMix Social would be doing it's the most suitable for the use case. If you need more info then either on the TwitchDev Discord https://link.twitch.tv/devchat, or forums https://discuss.dev.twitch.com/, we can provide advice on proper way to choose which OAuth flow would be best, and give support on integrating DCF and opening up a lot more potential for vMix/vMix Social to integrate with Twitch.