Error 401: "Unauthorized" "invalid oauth token" when requesting user information

MWSK · December 17, 2018, 1:48pm

Hello Everyone!

I´m trying to get the information of a Twitch-User using https://api.twitch.tv/kraken/user and an OAuth-Token generated by Twitch-Authentication.

If i now generate a URL (for example: https://api.twitch.tv/kraken/user?client_id=MYCLIENTID&oauth_token=TOKEN) and copy it into my browser it returns a JSON with the information i am searching for. But if i´m trying to call this URL with my code it returns a JSON including following content:

{error: “Unauthorized”, status: 401, message: “invalid oauth token”}

error: “Unauthorized”
message: “invalid oauth token”
status: 401

So the token is invalid and valid at the same time? I don´t think so!

Tried a solution with JS AJAX and PHP + cURL -> Both return the same error.

… code will follow, need to rebuild the .js-Code

MWSK · December 17, 2018, 1:57pm

.js-Code:

function getUserLogin() 
{
    var xhttp = new XMLHttpRequest();
    xhttp.onreadystatechange = function() 
    {
        if (this.readyState == 4 && this.status == 200) 
        {
            jsonUserobject = JSON.parse(this.responseText);
        }
    };
    console.log("FULL URL: https://api.twitch.tv/kraken/user?client_id=MYCLIENTID&oauth_token="+getUserID());
    xhttp.open("GET", "https://api.twitch.tv/kraken/user?client_id=MYCLIENTID&oauth_token="+getUserID(), true);
    xhttp.send();
}

.js-Code including .php curl:
AJAX:

  function getUserLogin() 
{
    var xhttp = new XMLHttpRequest();
    xhttp.onreadystatechange = function() 
    {
        if (this.readyState == 4 && this.status == 200) 
        {
            jsonUserobject = JSON.parse(this.responseText);
        }
    };
    xhttp.open("GET", "scripts/php/getUserInfo.php?userid="+getUserID(), true);
    xhttp.send();
  }

PHP:

<?php
    $user = $_GET['userid'];
    
    $url = 'https://api.twitch.tv/kraken/user?client_id=MYCLIENTID&oauth_token='.$user;
    
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 3);
    
    $result = curl_exec($ch);
    curl_close($ch);

    echo $result;
?>

Also tried the curl-thing with $headers as an option added to $ch, but didn´t help!

Thanks in advance for every Solution and Advice!

Edit: Dunno why my entry tries to put the whole PHP in one line … doesnt look like that while im writing it in the editor , sorry for that!

BarryCarlyon · December 17, 2018, 2:48pm

You are passing the user ID here instead of the oAuth Token…

Fixed it for you. Wrap your code in three `

MWSK · December 17, 2018, 2:56pm

Thanks for tuning my code
I just accidently called the token UserID in my code as i didn´t think about that a twitch user obviously also got user-ids , its just the name of my variable.

So userid in my code is just a name for the variable which includes the token.
mb there

BarryCarlyon · December 17, 2018, 3:06pm

In that case as per

Trying using a header instead of Query String argument. I don’t think that still works…

So:

<?php
    $user = $_GET['userid'];
    
    $url = 'https://api.twitch.tv/kraken/user';
    
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 3);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Authorization: OAuth ' . $user
    ));
    
    $result = curl_exec($ch);
    curl_close($ch);

    echo $result;
?>

Use a HTTP header, and when using oAuth/bearers it’s safe to omit the clientID as clientID is determined from the oAuth provided

MWSK · December 17, 2018, 3:46pm

Hm already tried that … didn´t work as well.

Now i tried it with exactly your code and the result is:

{error: “Bad Request”, status: 400, message: “No client id specified”}

If i use no Client-ID in the Header

{error: “Unauthorized”, status: 401, message: “invalid oauth token”}

If i add the Client-ID to the Header

BarryCarlyon · December 17, 2018, 3:47pm

<?php
    $user = $_GET['userid'];
    
    $url = 'https://api.twitch.tv/kraken/user';
    
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 3);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Authorization: OAuth ' . $user,
        'Accept: application/vnd.twitchtv.v5+json'
    ));
    
    $result = curl_exec($ch);
    curl_close($ch);

    echo $result;
?>

Forgot the version header. Sorry

MWSK · December 17, 2018, 3:54pm

Well, could have noticed that as i already used it in one of my tries to solve the problem

Thanks for your fast replies, by the way!

Here a screenshot from my browser-console if i try it the way you´ve shown:

If i click on the link (“FULL URL: link”) it works, but in the object below its still the No client id specified Error.

BarryCarlyon · December 17, 2018, 3:59pm

The documentation for v5 doesn’t offer the ability to pass an oAuth_token via query string.

You also declared no accept version which reverts to v3 rather that v5

Should be calling it via:

For example

curl -H 'Accept: application/vnd.twitchtv.v5+json' \
-H 'Client-ID: uo6dggojyb8d6soh92zknwmi5ej1q2' \
-H 'Authorization: OAuth cfabdegwdoklmawdzdo98xt2fo512y' \
-X GET 'https://api.twitch.tv/kraken/user'

Please bear in mind that visiting the URL in your browser, currently appears to use your Twitch Logged in Website cookies to perform the request so it will work regardless…

MWSK · December 17, 2018, 4:08pm

As i´m new to TwitchDev i´ve not really thought about different versions of the Twitch API tbh.

I already took a look at the Users Reference earlier this day, but wasn´t sure how/where to implement the curl-code in my scripts.

I tried to:

curl_exec( -H 'Accept: application/vnd.twitchtv.v5+json' \
-H 'Client-ID: uo6dggojyb8d6soh92zknwmi5ej1q2' \
-H 'Authorization: OAuth cfabdegwdoklmawdzdo98xt2fo512y' \
-X GET 'https://api.twitch.tv/kraken/user')

But don´t think thats the right way.

BarryCarlyon · December 17, 2018, 4:12pm

Right lets start from the beginning.

You have created a clientID via

Then you have fetched and obtained a valid oAuth via

bear in mind that oAuth’s generated will also expired after a time

Then using the oAuth Token generated the php code:

<?php
   
    $ch = curl_init('https://api.twitch.tv/kraken/user');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Authorization: OAuth ' . $the_oauth,
        'Accept: application/vnd.twitchtv.v5+json'
    ));
    
    $result = curl_exec($ch);
    curl_close($ch);

    $result = json_decode($result);

    print_r($result);

Will work

MWSK · December 17, 2018, 4:22pm

Pretty sure i did all of that.
Maybe my mistake was earlier in the “Apps & Authentication”-Progress.

Guess i´ll take a deeper look at it again and/or try it with twitch/helix and new TwitchAPI instead of twitch/kraken and v5!

Thanks for your help and your time, guess i´ll need your advises in the further progress

BarryCarlyon · December 17, 2018, 4:52pm

Also a request:

<?php
   
    $ch = curl_init('https://api.twitch.tv/kraken/');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Authorization: OAuth ' . $the_oauth,
        'Accept: application/vnd.twitchtv.v5+json'
    ));
    
    $result = curl_exec($ch);
    curl_close($ch);

    $result = json_decode($result);

    print_r($result);

Will give you details about the oAuth token (validity etc). (I have a chrome plugin to override/send headers)

For example

system · January 16, 2019, 5:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.