Getting 400 error when trying to refresh a token (client secret missing)

Hi!

I am successfully running a game which connects to Twitch.
Currently I did not need a valid access token all the time, but this is changing now, so I probably need to refresh the token during the session.

I am running a nodejs based backend which I am using for handling the authentication stuff (as secrets in delivered assemblies are never secret…)

My code:

axios.post('https://id.twitch.tv/oauth2/token', {
    'grant_type': "refresh_token",
    'refresh_token': encodeURIComponent("RefreshTokenDeliveredFromGamesCallLandsHere"),
    'client_id': "mYcLiEnTiD",
    'client_secret': "sEcReThErE"
},
{
    headers: {
        'Client-ID': "mYcLiEnTiD"
    },
    responseType: 'json'
})
.then((res) => {
    // axios exposes the HTTP status code as res.status
    if (res.status == 200) {
        if (debug) console.log('[' + (new Date()).toISOString() + '] Refresh successful');
        [...]
    }
})
.catch((error) => {
    if (debug) console.log('[' + (new Date()).toISOString() + '] ' + error + ': ' + JSON.stringify(error.response.data));
    [...]
});

I get the following result:
Error: Request failed with status code 400: {"status":400,"message":"missing client secret"}

Can you lead me to what I’ve done wrong?

You don’t need the headers

I wonder if sending headers and HTTP post body has confused the API and it’s ignored your POST body because of the header

The API call to refresh is just

POST https://id.twitch.tv/oauth2/token
    --data-urlencode
    ?grant_type=refresh_token
    &refresh_token=<your refresh token>
    &client_id=<your client ID>
    &client_secret=<your client secret>

No headers needed, so remove that

Thanks for your reply @BarryCarlyon!
Unfortunately omitting the header makes things worse: {"status":400,"message":"missing client id"}

The axios post is posting using the wrong form type.

The documentation specifies data-urlencode, and you/axios are probably sending “multipart/form-data” (instead of “application/x-www-form-urlencoded”) in error causing the problem

So try

axios.post('https://id.twitch.tv/oauth2/token?grant_type=refresh_token&refresh_token=' + encodeURIComponent("RefreshTokenDeliveredFromGamesCallLandsHere") + '&client_id=mYcLiEnTiD&client_secret=sEcReThErE', {},

instead.

Thanks for the heads-up @BarryCarlyon! That was the reason.

A cleaner - and WORKING - approach:

var params = new URLSearchParams();
params.append('grant_type', 'refresh_token');
params.append('refresh_token', encodeURIComponent("RefreshTokenDeliveredFromGamesCallLandsHere")); //I am not finally sure if the encode is still required here but it works with it.
params.append('client_id', "mYcLiEnTiD");
params.append('client_secret', "sEcReThErE");
axios.post('https://id.twitch.tv/oauth2/token', params, { responseType: 'json' }).then([...]
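For reference, an added example (not code from any poster in this thread) of what each variant puts on the wire: axios serializes a plain object as JSON by default, while the working version sends a form-urlencoded body, and pre-encoding a value before handing it to `URLSearchParams` encodes it twice. The helper names `asJsonBody`, `asFormBody`, `buildRefreshRequest` and `serverSees` are hypothetical, and the token value is constructed.

```javascript
// Added example. Credentials below are constructed placeholders, not real values.
const TOKEN_URL = 'https://id.twitch.tv/oauth2/token';

// What axios does with a plain object as the POST data: it serializes it as
// JSON (Content-Type: application/json). The token endpoint in this thread
// did not pick the fields up from such a body.
function asJsonBody(fields) {
  return { contentType: 'application/json', body: JSON.stringify(fields) };
}

// What the endpoint expects: an application/x-www-form-urlencoded body.
// URLSearchParams percent-encodes each value itself, so values go in raw.
function asFormBody(fields) {
  return {
    contentType: 'application/x-www-form-urlencoded',
    body: new URLSearchParams(fields).toString(),
  };
}

// Hypothetical helper: builds the refresh request without sending it.
function buildRefreshRequest(refreshToken, clientId, clientSecret) {
  if (!refreshToken || !clientId || !clientSecret) {
    throw new Error('refresh_token, client_id and client_secret are all required');
  }
  const { contentType, body } = asFormBody({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: clientId,
    client_secret: clientSecret,
  });
  return { method: 'POST', url: TOKEN_URL, headers: { 'Content-Type': contentType }, body };
}

// Round-trips a value through a form body the way a server would decode it.
function serverSees(value, preEncode) {
  const sent = asFormBody({ refresh_token: preEncode ? encodeURIComponent(value) : value });
  return new URLSearchParams(sent.body).get('refresh_token');
}

const sample = 'abc+def/ghi='; // constructed token with characters that need encoding
console.log(asJsonBody({ grant_type: 'refresh_token' }).body);
console.log(buildRefreshRequest(sample, 'mYcLiEnTiD', 'sEcReThErE').body);
console.log(serverSees(sample, false)); // raw value: decoded back unchanged
console.log(serverSees(sample, true));  // pre-encoded value: arrives still percent-encoded
```

Because `URLSearchParams` already percent-encodes values, wrapping the token in `encodeURIComponent` first only goes unnoticed while the token is purely alphanumeric. Keeping the parameters in the POST body rather than in the URL also keeps the client secret out of request-line logs.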