Hello there,
I’m trying to get my authorization code with an axios POST call in JS, with all the good parameters sended to this url : https://id.twitch.tv/oauth2/token.
But I’ve got this error as response :
I’ve already get my code in this URL : https://id.twitch.tv/oauth2/authorize
Here is my JS code :
I really don’t know here is the problem…
Thanks for help ! 
This likely indicates that the code which is a one use code has already been used to be exchanged for an access code.
Since you have this hardcoded rather than fetching it from query string parameters.
Addititionally your JS code indicates (DomContentLoaded) that you appear to be doing a code to token exchange in the front end, which will leak you private client_secret to the world.
Yes I have refresh a new code and it does work really well.
This code was for testing purposes but I will leave all my code in a secure file of course
Thank you for your answer ! 
If you are making the request from the front end and not the backend then users can extract the client secret from the axios call made as it will log in the network inspector part of any web browser inspector.
So a “secure file” doesn’t really exist on the front end.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.