Error message: Invalid authorization code

Guys, I am throwing in the towel - I can’t seem to solve this by myself or read earlier posts about similar issues.

The error message I receive is this:

{"error":"Bad Request","status":400,"message":"Invalid authorization code"}

I am able to retrieve something called oauth token (I think?) by using this function (which creates the link)

public function request_http_link_TW(&$client_id,&$redirect_uri,$scope = array()){
	$link = "$client_id&redirect_uri=$redirect_uri";
		trigger_error(__FUNCTION__.' value entered in parameter 3 is not an array ',E_USER_WARNING);
		return FALSE;
	if(!empty($scope)) {
		$numItems =count($scope);
		$i = 0;
		$new_string ='&scope=';
		foreach($scope as $s) {
			if(++$i === $numItems) {
				$new_string .= $s;
			else {
				$new_string .= $s . '+';
		$link .= $new_string;
	return $link;

And I get my oAuth token in the URI and fetch it with $_GET[‘code’] (Woho, that was hard…)

Then I am trying to use this oAuth token to get an access_token - Here I am, standing without a access_token, not able to release my mighty programming skills and make me shine!

So… I ask you, the mightiness discuss API thread users, to assist me and locate the issue.
This is my current function I’m using and I am not sure where I could do wrong - because I’ve compared it to multiple other “post” codes for the access_token to twitch.

    public function fetch_auth_token_TW($authInfo){
		$curl = curl_init();
		$arr = array(
			'client_id' => $authInfo->Client_id,
			'client_secret' => $authInfo->Client_secret,
			'grant_type' => 'authorization_code',
			'redirect_uri' => $authInfo->Redirect_uri,
			'code' => $authInfo->oAuth
		curl_setopt_array($curl, array(
			CURLOPT_URL => '',
		if (!curl_exec($curl)) {
			die('Error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
		$resp = curl_exec($curl);

In case the Twitch Staff needs to know:

  • Client_ID = 3c5unn1vbj7bsfep5emtftee4ckc6ur
  • User I am trying to authorize with: Xavizus

I’ve double checked my variables and I am making sure that my PHP-script does not request two oAuth token at the same time.
I’ve made sure to request a new oAuth token if I get an error (What I understand, I’m able to use this token only once until I get an access_token - Then I am able to release my mighty power).
I’ve renewed my Client secret (multiple times now JUST to make sure that I’ve the correct one).

So… I am stuck and not really sure how to get going…

(Just remembered, you maybe want to see how I call these functions)


$config = new config;
	$twitch = new Twitch();
	$config->twitch->Client_id = '3c5unn1vbj7bsfep5emtftee4ckc6ur';
	$config->twitch->Redirect_uri = '[MY_HIDDEN_URL_HERE]';
if(isset($_GET['code'])) {
	$config->twitch->oAuth = $_GET['code'];
	$config->twitch->Client_secret = '[WoW_SUCH_SECRET_CODE]';
	echo '<br/><br/>';

else {

$link = $twitch->request_http_link_TW($config->twitch->Client_id, $config->twitch->Redirect_uri);

echo "<a href='$link'>This is a link</a>";

Alright guys!
I just solved it by myself… I did indeed used the oauth token twice… Just had to remove the part:

if (!curl_exec($curl)) {
			die('Error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));

which used the oauth token once. How to handle this, if it return an error, will be my next challenge :smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.