Channel/Followers returning empty data set

LeRurik · June 20, 2023, 12:35pm

I am having issues with the channel/followers endpoint. It is returning just the total amount and not the data list.
I am using a wrapper mentioned by twitch GitHub - romanzipp/Laravel-Twitch: Twitch Helix API PHP Wrapper for Laravel.

$result = $twitch->getOAuthToken(null, GrantType::CLIENT_CREDENTIALS, ['channel:read:subscriptions', 'moderator:read:followers']);
        if ( ! $result->success()) {
            return;
        }

        $accessToken = $result->data()->access_token;
        $twitch->setToken($accessToken);

        $usersResult = $twitch->getUsers(['login' => 'LeRurik']);
        if ( ! $usersResult->success()) {
            return null;
        }

        $user = $usersResult->shift();
        $broadcasterId = $user->id;

        do {
            $nextCursor = null;

            if (isset($followers)) {
                $nextCursor = $followers->next();
            }

            $followers = $twitch->getChannelFollowers(['broadcaster_id' => $broadcasterId], $nextCursor);

            foreach ($followers->data() as $item) {
            }

        } while ($followers->hasMoreResults());

I have the right scope, I am authenticating correctly with my own app which is set up, as far as I can tell, under my main twitch account, LeRurik. This is the same account that I am querying followers for. The follower count matching suggests that its the correct account.

Any idea why I would not be getting the data?

The usual suggestion is that either the scope is missing, or that the authenticated user is not a mod on the channel. But how can I not be a mod of my own channel?

I have been trying to investigate this for a few hours now and am starting to get a bit frustrated, so any help would be appreciated.

BarryCarlyon · June 20, 2023, 12:36pm

This is the wrong token type

Client creds basically can’t have scopes

To read whom follows who via the API requires a USER TOKEN not a Client Credentials token

Requires a user access token that includes the moderator:read:followers scope. The ID in the broadcaster_id query parameter must match the user ID in the access token or the user must be a moderator for the specified broadcaster. If a scope is not provided, only the total follower count will be included in the response.

You have the wrong token type

LeRurik · June 20, 2023, 1:31pm

It’s probably just late and I am not thinking clearly, but…

If I use the GrantType::AUTHORIZATION_CODE to get the access token at login, I then can’t actually log in the user. I also can’t get their display name/avatar for the user area because for that I would need their username or ID in the first place, which there doesn’t seem to be an endpoint for getting the user details for the current oauthed user?

I was able to successfully get the access token for myself by logging into my own site as myself, but it kind of defeats the purpose if I can’t get the rest of the info to go with it, as the code is one use only.

Sorry if this seems to be asking for too much help here, but I don’t see how I can do both flows with one code (create a user and get their access token), nor how I can only get the access token for my own account, as I don’t need or care about getting one for other users.

BarryCarlyon · June 20, 2023, 1:33pm

You call Get users without an ID or Login just the Access token and it will return the User for that token

Or you can call the validate endpoint which will validate the token and return the user_id and login for the token. (Easy way to see what kind of token you have as well)

Example: Twitch Implicit Auth Example (when Github pages deploys in a moment)

github.com

BarryCarlyon/twitch_misc/blob/main/authentication/implicit_auth/index.html#L40


      
          
          if (document.location.hash && document.location.hash != '') {
              var parsedHash = new URLSearchParams(window.location.hash.slice(1));
              if (parsedHash.get('access_token')) {
                  var access_token = parsedHash.get('access_token');
                  document.getElementById('access_token').textContent = `Your Access Token extracted from the #url is ${access_token}`;
          
                  document.getElementById('user_data').textContent = 'Loading';
          
                  // call API
                  fetch(
                      'https://api.twitch.tv/helix/users',
                      {
                          "headers": {
                              "Client-ID": client_id,
                              "Authorization": `Bearer ${access_token}`
                          }
                      }
                  )
                  .then(resp => resp.json())
                  .then(resp => {

LeRurik · June 20, 2023, 9:11pm

You were right, I forgot to actually set the access token, which is why it was complaining.

I have decided to go a slightly different route as I don’t want to retrieve an access token for every user currently, but I now know what was going wrong and how I can do it this way.

However, the last stumbling block I possibly see is:

{"grant_type":"authorization_code","client_id":"","client_secret":"","redirect_uri":"","code":"","scope":"channel:read:subscriptions moderator:read:followers"}  
{"access_token":"","expires_in":15196,"refresh_token":"","scope":["user:read:email"],"token_type":"bearer"}

I have removed the sensitive information, but as you can see, I requested the additional scopes, but the access token that was returned states that it only has the user:read:email scope? Does that sound right, or is something still going wrong there?

BarryCarlyon · June 20, 2023, 9:13pm

Scopes go on the outbound <a href="" that a user clicks on

Not in the code to token exchange

LeRurik · June 20, 2023, 9:30pm

I thought that might be the case. Thank you for your help. I will test it and confirm it with my new flow, but I think this will likely solve my issues.

LeRurik · June 20, 2023, 9:58pm

Confirmed, I now have it working perfectly. Thank you for all the assistance Barry. I should be right to work with the API from here now that I have valid auth flows.

system · July 20, 2023, 9:59pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.