401 error with freshly generated tokens

jigger · December 30, 2023, 9:53pm

Following the Authorization code grant flow - I’m sure I’ve got this right, but maybe I’ve missed something:

My app redirects to https://id.twitch.tv/oauth2/authorize? with url encoded client id, scopes etc etc

This is the request:

https://id.twitch.tv/oauth2/authorize?client_id=REDACTED&redirect_uri=https://REDACTED/oauth/twitch&response_type=code&scope=user%3Aread%3Achat+user%3Aread%3Abroadcast+user%3Abot+channel%3Abot&state=REDACTED

After authorising and redirecting back to my app, I get back a code (for redaction purposes, call it XYZ) (along with the state to check UUID etc etc) - all good. This is where my browser comes back to:

https://REDACTED/oauth/twitch?code=XYZ&scope=user%3Aread%3Achat+user%3Aread%3Abroadcast+user%3Abot+channel%3Abot&state=REDACTED

But the code doesn’t work. If I try it again https://api.twitch.tv/helix/users I get a 401

curl -X GET 'https://api.twitch.tv/helix/users' \
-H 'Authorization: Bearer XYZ' \
-H 'Client-Id: REDACTED'

{"error":"Unauthorized","status":401,"message":"Invalid OAuth token"}

and even if i just try this:

curl -X GET 'https://id.twitch.tv/oauth2/validate' \
-H 'Authorization: Bearer XYZ'

{"status":401,"message":"invalid access token"}

What gives? Am I using the wrong token?

BarryCarlyon · December 30, 2023, 10:01pm

You need to exchange the code for a token

See

Authorization code flow example

under

Open a terminal window and enter the following cURL POST command (you’ll need cURL installed on your computer). Replace the placeholder strings and the authorization code with your values.

example

curl -X POST 'https://id.twitch.tv/oauth2/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=<your client id goes here>&client_secret=<your client secret goes here>&code=17038swieks1jh1hwcdr36hekyui&grant_type=authorization_code&redirect_uri=http://localhost:3000'

That’ll return you an access token. after code to token exchange is complete

jigger · December 30, 2023, 11:34pm

Ah, missed that step somehow. Thanks. What’s the normal life cycle for the token, should I generate one for every transaction or store the token for future use?

BarryCarlyon · December 30, 2023, 11:35pm

asking the user to oAuth each time can be probablatic…
But is done if you are not persisting sessions per sae

Generally speaking yes

but can depend on the use case

jigger · December 31, 2023, 12:18pm

Still got an issue here - when I try to get the users link I get:

{"error":"Bad Request","status":400,"message":"The id or login query parameter is required unless the request uses a user access token."}

I’m trying to find out what the login ID is (hence querying users without specifying an ID), so how am I supposed to supply the login ID?

BarryCarlyon · December 31, 2023, 1:15pm

sounds like you tried to do use a client_credentials token instead of a user token, which doesn’t match what you did in the OP of this thead

Check your steps matches this example

https://barrycarlyon.github.io/twitch_misc/authentication/implicit_auth/

But note this example uses implicit auth rather than code flow auth. But the steps are the same, do something to get a user token, then use the user token against the users API

jigger · December 31, 2023, 1:52pm

Ah ok, these different flows are confusing

I’ve sort of made some progress as I was trying to subscribe to chat messages so they call a webhook, which I think needs the kind of token I generated anyway.

But something’s not quite right. If I sign in as a different user and message the chat in my channel, the messages don’t appear. The user is email-verified, there’s nothing in moderation or anything filtering it out as far as I can tell, I can see the user is watching, but no messages come through… and when I click the user it shows the attached. Not sure why I’m having all these issues?!

Screenshot 2023-12-31 at 13.49.20

BarryCarlyon · December 31, 2023, 2:04pm

Well that chat message topic doesn’t exist yet, but chat notifications does

I can help you with that however

Now we are talking about posting messages to chat (like a bot) so theres 2/3 different things going on here…

So lets go back to the beginning, what are you trying to do?

jigger · December 31, 2023, 3:09pm

Essentially I’m trying to subscribe to all chat messages, so that every message posted in the channel is forwarded to a webhook.

The sub seemed to work, but when I didn’t get any messages coming through to my endpoint, I wondered whether it was because I don’t receive messages from my own user ID. Hence trying another account - so now I’m thinking if those messages don’t even show in the chat window on my channel, it’s not surprising I’m not getting them via my endpoint.

Thanks for your ongoing help!

BarryCarlyon · December 31, 2023, 3:17pm

The EventSub topic for this doesn’t exist yet.

EventSub Topics available for use can be found here EventSub Subscription Types | Twitch Developers

They are tagged with a version so, general availablity are currently numeric and open betas tagged as beta

But there is no topic for “regular chat messages” just channel.chat.notification which is basically IRC/Chat USERNOTICE as a Topic.

PRIVMSG as a topic is announced but not available.

jigger · December 31, 2023, 3:40pm

Ah, so there’s no way to get all messages relayed via a webhook or some other method?

No worries if so… I guess I can embed the chat window - but why are the messages from my ‘other’ user not even appearing my chat window? I’ve even tried removing the requirement for email verification. But not a peep from anything, it still insists that my test user has yet to post anything.

BarryCarlyon · December 31, 2023, 3:42pm

It’s not available on eventsub yet, just announced.

You can currently get Chat via connecting to chat via IRC/IRC over WS - Chat & Chatbots | Twitch Developers

We talking about sending messages via the web/mobile/firstparty client or “as a bot/script” via websocket/IRC/other third party integration?

jigger · December 31, 2023, 3:46pm

Do you mean that it’s been announced it will be coming soon, or is announced a feature or comms type?

Currently just not seeing the messages at all - I have ‘stream chat’ opened in two different browsers, so:

Chrome: me (channel owner)
Safari: my other account

If I type in the stream chat in Chrome, I see it in both browsers… if I type in Safari, I only see it in Safari…

BarryCarlyon · December 31, 2023, 3:47pm

Soon, since all the other chat over eventsub types are out except PRIVMSG as a topic. But there is no time line/announce date

Then you have some sort of first party issue outside the realms of what I or this forum can help with

jigger · December 31, 2023, 4:03pm

Could it be something I’ve broken with my sub attempts? I’ve just registered a new user on a completely different computer / IP, and nothing from that either. It’s like there’s a permission to stop anyone but the channel owner posting. Very odd.

BarryCarlyon · December 31, 2023, 4:04pm

You might be caught in the mystery black box of spam protection.

Unlikely

You’ve cause a first party issue outside the realms that I/the forums can help with.

jigger · December 31, 2023, 5:40pm

Oddly, my Mac crashed shortly after, and since a reboot it’s fine. Some process looking after websockets must have hung or something I guess. Anyway, thanks for all your help Barry!

system · January 30, 2024, 5:40pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
OAuth Authorization Code Flow for a chat bot: 401 invalid csrf token API	8	4686	April 11, 2020
Invalid user authorisation after a period API	3	291	October 17, 2022
Unable to Retrieve OAuth Client Credentials Token (Invalid ClientID) API	14	2897	March 31, 2022
Programattically Get User OAuth Token for Subscriber Notifications API	21	3766	July 15, 2020
I am not sure what my authentication issue is but my oAuth token seems to always be wrong API	22	696	August 20, 2024

401 error with freshly generated tokens

Related topics