How to get programmatically the oauth token after redirect?

Yannis_Poulakis · March 2, 2021, 11:21am

Hello everyone! Sorry if this is a duplicate, but could not find it anywhere. What i am trying to do is programmatically in python retrieve the oauth token after the user has been redirected .Could anyone either explain just a little bit the process to me or direct me towards any resources to achieve that? I am currently using a simple version with Flask and requests, just to get started.

Thank you in advance.

BarryCarlyon · March 2, 2021, 12:56pm

When using “regular” oAuth the token is returned in step 3

Here is a sample request:

POST https://id.twitch.tv/oauth2/token
    ?client_id=uo6dggojyb8d6soh92zknwmi5ej1q2
    &client_secret=nyo51xcdrerl8z9m56w9w6wg
    &code=394a8bc98028f39660e53025de824134fb46313
    &grant_type=authorization_code
    &redirect_uri=http://localhost

You exchange the ?code= on the redirect for a access_token and refresh token

If using implcit

It’s only really available to the front end, via javascripts document.location.hash

For server to server/app access/client credentials it’s returned similar to regular user oauth in the POST request you make

Which token you attempt to get will depend on what you want to do with that token

Yannis_Poulakis · March 2, 2021, 1:13pm

Sorry that was a mistake on my definition of the problem,

I am trying out the Authorization flow.
What i am not currently able to achieve is to extract the code programmaticaly from the url the user is getting redirected (before the POST request).

For example:

@app.route("/")
def redirect_for_auth():
return redirect("https://id.twitch.tv/…?response_type:…?..)

redirects the user to the correct url to login and be provided with a code to be later posted for an auth token exchange.

What i am trying to achieve is to get this url server side without another redirection for the client if that makes any sense

Thanks a lot for your help.

BarryCarlyon · March 2, 2021, 1:16pm

Step 1 redirect user to Twitch
Step 2 user accepts or declines the link between clientID and application
Step 3 user returns with a ?code in the URL params (or an error)
Step 4 Obtain the code from the URL and with a curl POST request get a token

This’ll depend on the langauge you are using.

PHP will be $_GET['code'] https://github.com/BarryCarlyon/twitch_misc/blob/master/authentication/user_access_generator/php/index.php#L32
nodeJS will be (for express) req.query.code https://github.com/BarryCarlyon/twitch_misc/blob/master/authentication/user_access_generator/nodejs/server.js#L110

This only holds true if you are doing regular user authentication which is my assumption

system · April 1, 2021, 1:17pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.