Having trouble applying scopes on OAuth token creation

Using Guzzle for PHP http://docs.guzzlephp.org/en/stable/quickstart.html

I’m having trouble figuring out what I did wrong. Is there any account setup I need to do to allow scopes to be used?

Here is my code attempting to use the bits:read scope. Other scopes did not work either.

    /*
     * Get oauth token with bits:read scope
     */
    $res = $this->client->request('POST', 'https://id.twitch.tv/oauth2/token', [
        'query' => [
            'client_id' => config('services.twitch.id'),
            'client_secret' => config('services.twitch.secret'),
            'grant_type' => 'client_credentials',
            'scope' => 'bits:read'
        ],
    ]);

    // scope should be present in the response but it is not
    $data = json_decode($res->getBody()->getContents());
    dump($data);

    $oauth = $data->access_token;

    /*
     * test endpoint that requires authorization but not scope
     */
    $res = $this->client->request('GET', 'https://api.twitch.tv/helix/games/top', [
        'headers' => [
            'Authorization' => 'Bearer ' . $oauth,
        ],
    ]);
    // this works, which shows the oauth token is correct
    dump($res->getBody()->getContents());

    /*
     * test endpoint that requires authorization and bits:read scope
     */
    $res = $this->client->request('GET', 'https://api.twitch.tv/helix/bits/leaderboard', [
        'query' => [
            'user_id' => $this->argument('user'),
        ],
        'headers' => [
            'Authorization' => 'Bearer ' . $oauth,
        ],
    ]);

    // this fails which shows that scope is incorrect
    dump($res->getBody()->getContents());

Result of the last API call to bits/leaderboard:

    Client error: GET https://api.twitch.tv/helix/bits/leaderboard?user_id=thebubbaarmy resulted in a 401 Unauthorized response:
    {"error":"Unauthorized","status":401,"message":"Valid OAuth token with bits:read scope required"}

You’re requesting an App Access token; you need to use a User Access Token.

App access tokens are used for requests that aren’t on behalf of a specific user. In your case you’re trying to access the bits leaderboard for ‘thebubbaarmy’, so you need to request a User access token and have that user go through your authentication process, which will give you a token valid to do the request for the bits leaderboard on their channel.

As a side note, you’re also performing this request incorrectly, as it needs the user’s ID, not username.
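
The user-token flow described in the answer above, as an added example that is not part of the original thread: it builds the authorization-code URL with the bits:read scope and a CSRF `state` value, checks the `state` returned to the callback, and inspects a decoded token-validation response to tell an app access token from a user access token. The authorize and validate endpoints and the `user_id` and `scopes` response fields follow Twitch's OAuth documentation; the function names, redirect URI and sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const TWITCH_AUTHORIZE = 'https://id.twitch.tv/oauth2/authorize';

/** Build the URL the broadcaster is sent to; keep $state in their session. */
function buildAuthorizeUrl(string $clientId, string $redirectUri, array $scopes, string $state): string
{
    return TWITCH_AUTHORIZE . '?' . http_build_query([
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'response_type' => 'code',
        'scope'         => implode(' ', $scopes),
        'state'         => $state,
    ]);
}

/** Reject callbacks whose state does not match the one issued (CSRF check). */
function callbackStateIsValid(string $issued, ?string $returned): bool
{
    return $returned !== null && hash_equals($issued, $returned);
}

/**
 * Given a decoded response from GET https://id.twitch.tv/oauth2/validate,
 * return why the token cannot be used for $scope, or null if it can.
 * App access tokens carry no user_id and no scopes.
 */
function tokenProblem(array $validate, string $scope): ?string
{
    if (empty($validate['user_id'])) {
        return 'app access token: not issued on behalf of a user';
    }
    if (!in_array($scope, $validate['scopes'] ?? [], true)) {
        return "user token lacks scope $scope";
    }
    return null;
}

// Constructed sample data below: placeholders, not real client IDs or tokens.
$state = bin2hex(random_bytes(16));
echo buildAuthorizeUrl('CLIENT_ID_PLACEHOLDER', 'https://example.test/callback', ['bits:read'], $state), "\n";
var_dump(callbackStateIsValid($state, $state), callbackStateIsValid($state, 'forged'));

$appToken  = ['client_id' => 'CLIENT_ID_PLACEHOLDER', 'scopes' => null, 'expires_in' => 5000000];
$userToken = ['client_id' => 'CLIENT_ID_PLACEHOLDER', 'login' => 'example_user',
              'user_id' => '12345', 'scopes' => ['bits:read'], 'expires_in' => 14000];
var_dump(tokenProblem($appToken, 'bits:read'), tokenProblem($userToken, 'bits:read'));
```

The `code` returned to the redirect URI is then exchanged at `https://id.twitch.tv/oauth2/token` with `grant_type` set to `authorization_code` instead of `client_credentials`.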

Thanks. That clears it up for me.
