Getting 400 error when trying to refresh a token (client secret missing)

Firesplash · August 22, 2020, 4:41pm

Hi!

I am successfully running a game which connects to Twitch.
Currently I did noit need a valid access token all the time but this is changing now so I probably need to refresh the token during the session.

I am running a nodejs based backend which I am using for handling the authentication stuff (as secrets in delivered assemblies are nerver secret…)

My code:

axios.post('https://id.twitch.tv/oauth2/token', {
				'grant_type': "refresh_token",
				'refresh_token': encodeURIComponent("RefreshTokenDeliveredFromGamesCallLandsHere"),
				'client_id': "mYcLiEnTiD",
				'client_secret': "sEcReThErE"
			},
			{
				headers: {
					'Client-ID': "mYcLiEnTiD"
				},
				responseType: 'json'
			})
			.then((res) => {
				if (res.statusCode == 200) {
					if (debug) console.log('[' + (new Date()).toISOString() + '] Refresh successful');
					[...]
				}
			})
			.catch((error) => {
				if (debug) console.log('[' + (new Date()).toISOString() + '] ' + error + ': ' + JSON.stringify(error.response.data));
[...]
			});

I get the following result:
Error: Request failed with status code 400: {“status”:400,“message”:“missing client secret”}

Can you lead me to what I’ve done wrong?

BarryCarlyon · August 22, 2020, 4:54pm

You don’t need a the headers

I wonder if sending headers and HTTP post body has confused the API and it’s ignored your POST body because of the header

The API call to refresh is just

POST https://id.twitch.tv/oauth2/token
    --data-urlencode
    ?grant_type=refresh_token
    &refresh_token=<your refresh token>
    &client_id=<your client ID>
    &client_secret=<your client secret>

No headers needed, so remove that

Firesplash · August 22, 2020, 5:00pm

Thanks for your reply @BarryCarlyon!
Unfortunately omitting the header makes things worse: {“status”:400,“message”:“missing client id”}

BarryCarlyon · August 22, 2020, 6:41pm

The axios post is posting using the wrong form type.

The documentation specifies data-urlencode, and you/axios are probably sending “multipart/form-data” (instead of “application/x-www-form-urlencoded”) in error causing the problem

So try

axios.post('https://id.twitch.tv/oauth2/token?grant_type=refresh_token&refresh_token=' + encodeURIComponent("RefreshTokenDeliveredFromGamesCallLandsHere") + '&client_id=mYcLiEnTiD&client_secret=sEcReThErE', {},

instead.

Firesplash · August 22, 2020, 9:19pm

Thanks for the headsup @BarryCarlyon! That was the reason.

A cleaner - and WORKING - approach:

var params = new URLSearchParams();
params.append('grant_type', 'refresh_token');
params.append('refresh_token', encodeURIComponent("RefreshTokenDeliveredFromGamesCallLandsHere")); //I am not finally sure if the encode is still required here but it works with it.
params.append('client_id', "mYcLiEnTiD");
params.append('client_secret', "sEcReThErE");
axios.post('https://id.twitch.tv/oauth2/token', params, { responseType: 'json' }).then([...]

system · September 21, 2020, 9:19pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.