Authentication Token for Get User Object

Hello,

I’m really new, but I cannot figure out where to find what I’m looking for to get this response working correctly with the User Object.

I’ve set up the Get Token(saw on a previous forum topic).

$auth_token = “https://api.twitch.tv/kraken/oauth2/authorize?response_type=code&client_id=&redirect_uri=&scope=user_read+chat_login”;

//This gets used below.
if(isset($_GET[“code”])){
$user_code = $_GET[“code”];
}

$curl = curl_init();
$arr = array(
‘client_id’ => ‘’,
‘client_secret’ => ‘’,
‘grant_type’ => ‘authorization_code’, // Was told to not change this.
‘redirect_uri’ => ‘’,
‘code’ => $user_code, //code from above.
‘state’ => NULL
);
curl_setopt_array($curl, array(
CURLOPT_SSL_VERIFYPEER => FALSE,
CURLOPT_FOLLOWLOCATION => FALSE,
CURLOPT_URL => ‘https://api.twitch.tv/kraken/oauth2/token/’,
CURLOPT_POSTFIELDS => $arr,
CURLOPT_RETURNTRANSFER => TRUE
));
$resp = curl_exec($curl);
curl_close($curl);
echo var_dump($resp);

I get JSON like this:

{
“access_token”: “”, // This is different what’s seen in the window.location (could be something wrong?)
“scope”://This matches what I put for scopes.
}

So where I get caught, is getting User Object with this syntax:

curl -H ‘Accept: application/vnd.twitchtv.v5+json’
-H ‘Client-ID: uo6dggojyb8d6soh92zknwmi5ej1q2’
-H ‘Authorization: OAuth cfabdegwdoklmawdzdo98xt2fo512y’
-X GET ‘https://api.twitch.tv/kraken/user

I’m sure it’s obvious, but I’m new to cURL, and not sure how to write that on my php server to get user json
{
“_id”: 44322889,
“bio”: “Just a gamer playing games and chatting. :)”,
“created_at”: “2013-06-03T19:12:02Z”,
“display_name”: “dallas”,
“email”: "email-address@provider.com",
“email_verified”: true,
“logo”: “https://static-cdn.jtvnw.net/jtv_user_pictures/dallas-profile_image-1a2c906ee2c35f12-300x300.png”,
“name”: “dallas”,
“notifications”: {
“email”: false,
“push”: true
},
“partnered”: false,
“twitter_connected”: false,
“type”: “staff”,
“updated_at”: “2016-12-14T01:01:44Z”
}

All of this was copied from the documents and forum posts.

I’ll answer your direct question shortly, but I wanted to bring up a couple of points.

  1. What data do you need form the user object? There is a user by ID API that doesn’t use OAuth that could potentially make this much, much easier.
  2. The code flow you’re using is the Authentication Code flow. You may not need this flow. If this is a client-side application, you can use the Implicit Grant flow.

In general, you can make a request just like you’ve already done. You simply take the access_token value and put it into the Authorization header:

$headers = array(
    'Accept: application/vnd.twitchtv.v5+json',
    'Authorization: OAuth YOURTOKENHERE',
);

$url = 'https://api.twitch.tv/kraken/user';

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);

$result = curl_exec($ch);
curl_close($ch);

echo $result;

I wanted to saved the user’s “name” and “twitch ID” to a database as a list to iterate through. I did not want members to type in their names in case they mistype, typed someone else’s name, or flood the database with names. So I wanted to use the authentication token to get the user object to get the person’s name and twitch id to avoid duplicates, using someone else’s name, or a simple mistype. All they would have to do is authorize, and I can get the information to store in a database, and show it on a page which members have signed up for our team. Then all the bells and whistles after that. I would use the user by ID API, but sometimes you can’t trust the other person to submit the correct information and matches my website’s user ID (my website allows them to create an account), and I use your “user object” and append with their user ID on the website so nothing was typed, or counterfeiting someone else’s twitch account. This way, if your system allows them to log in, it must really be them…

Thanks for the example Dallas!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.