"Invalid OAuth token" when making a request

I followed the instructions at this url and everything went well, up until “next steps”. I want to make a request which gets all the streamers I am following and prints out which are live. This can be found at this url. I copied the example code and replaced the client-id with the client ID I got in the previous steps, and I replaced the token with the token I got in the previous steps, I’m referring to this output:

$ twitch token
No Client ID or Secret found in configuration. Triggering configuration now.
Client ID: wbmytr93xzw8zbg0p1izqyzzc5mbiz
Client Secret: REMOVED
Updated configuration.
2021/07/30 20:20:06 App Access Token: REMOVED

where it says “App Access Token”. When I try to make that request, I get the output

{"error":"Unauthorized","status":401,"message":"Invalid OAuth token"}

To be clear, the request I am making is this:

curl -X GET 'https://api.twitch.tv/helix/streams/followed?user_id=141981764' \
-H 'Authorization: Bearer <My App Access Token>' \
-H 'Client-Id: <My Client ID>'

What am I doing wrong here?




The generated token, that I removed from your Post, is not a valid token. (And was about to not be as I was about to revoke it for security reasons)

So the token couldn’t be used with the API.

You should also cycle your leaked client secret

You can use a tool like Twitch | Token Checker to test if a token is valid, or Authentication | Twitch Developers

It seems that you generated a token in the CLI but then that token was no longer valid when making the curl call specified

That token and client secret were not mine, I copied them from the instruction page to not leak my own information.

But if the token isn’t valid then how do I get a token? Are the instructions on Twitch API | Twitch Developers not correct?

These instructions are correct.

Normally for script based operations you would generate a Client Credentials token as outlined here

But the type of token needed will depend on the endpoint you are calling, for streams/followed you will need a user access token with permission from the user 141981764 to read their data

Which is this kind of token instead


If you followed the guide and generated a token, you generated an App Access Token.

An App Access Token cannot be used to call the streams/followed API that needs a user token

With the scope user:read:follows

This will require a webpage that you redirect the user to, to grant permission between their account and your own ClientID

Okay thanks, but I am making a program that just lists out the streamers who are currently live and that I am following. I am not planning to release this to anyone, it will be only for personal use. I have had an application like this for months but now I have to move it to the new API because the old one is losing support, and I don’t remember that I had to go through this entire process before. Is there not an easier way to get an OAuth token just for personal use? Before, I could just log in to a site and I got a token, didn’t have to do anything

You could generate such a token via the cli (see the -u flag)

Otherwise no, to grant access between yourself and your own client ID, on data that requires a scope will require an OAuth flow to get a token (and refresh token).

Sounds like you were using a third party token generator which generally is not a good idea.

When I use “twitch token -u” my browser opens up in https://localhost and then nothing more happens

And I don’t really understand the instructions at Getting Tokens: OAuth | Twitch Developers. Am I supposed to make a GET request in the terminal like this:

GET 'https://id.twitch.tv/oauth2/authorize?response_type=token&client_id=<clientid>&redirect_uri=http://localhost&scope=user_read_follows'

That doesn’t work for me, I get the output LWP will support https URLs if the LWP::Protocol::https module is installed.

As per the github I linked:


To use user tokens, you will need to set up your Client ID provided during configure with a redirect URI of http://localhost:3000. App access tokens will work without this step. You can configure that on the Twitch Developer console.

No that is a URL you open in a browser/send the user to

This is an implicit auth example that demonstrates the flow


1. You generate a <a href="" which would use a URL like https://id.twitch.tv/oauth2/authorize?response_type=token&client_id=<clientid>&redirect_uri=http://localhost&scope=user_read_follows
2. The user (in this case you) clicks that link and accepts/declines the account link.
3. Then the user is redirected to http://localhost as the declared redirect
4. This will have a ?code= in the query string parameters.
5. You can then exchange that ?code= for an access and refresh token.

The example I linked differs at step 4, as for implicit auth:

4. This will have a #access_token= to extract and use

Implicit tokens cannot be refreshed like a “regular” token

Thanks, I think I understand how it’s supposed to work now, but I get the response {"status":400,"message":"invalid scope requested: 'user_read_follows'"}. In the instruction it says the scope should be space separated but I tried that too and it didn’t work, how am I supposed to write the scope parameter?

The scope is user:read:follows

If you were requesting multiple scopes you’d put a space between each scope user:read:follows another:scope a:third:scope
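Added example (not part of the original thread and not Twitch's own code): a Python sketch of the implicit flow described above, building the authorize URL with correctly encoded space-separated scopes and then pulling the token out of the `#access_token=` fragment. The `state` check, the function names, the shape of the declined-consent redirect and the sample values are assumptions added for illustration.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize"  # endpoint quoted in the thread


def build_authorize_url(client_id, redirect_uri, scopes, state=None):
    """Return (url, state) for the implicit grant (response_type=token)."""
    for scope in scopes:
        # A scope is one colon-delimited name such as user:read:follows.
        # Whitespace inside a name would split it into several scopes on join.
        # Unknown names (e.g. user_read_follows) are rejected server-side with 400.
        if not scope or any(c.isspace() for c in scope):
            raise ValueError(f"malformed scope: {scope!r}")
    state = state or secrets.token_urlsafe(16)  # ties the response to this request
    query = urlencode({
        "response_type": "token",
        "client_id": client_id,
        "redirect_uri": redirect_uri,      # must match the one registered for the client ID
        "scope": " ".join(scopes),         # space separated, URL-encoded by urlencode
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_implicit_redirect(redirected_url, expected_state):
    """Return (access_token, granted_scopes) from the URL the browser landed on."""
    parts = urlsplit(redirected_url)
    query = parse_qs(parts.query)
    fragment = parse_qs(parts.fragment)    # implicit flow answers in the #fragment
    if "error" in query:                   # assumed shape of a declined consent redirect
        raise PermissionError(query.get("error_description", query["error"])[0])
    returned_state = fragment.get("state", [""])[0]
    if not secrets.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "access_token" not in fragment:
        raise ValueError("no access_token in fragment")
    return fragment["access_token"][0], fragment.get("scope", [""])[0].split()


if __name__ == "__main__":
    # Constructed sample values; substitute your own client ID.
    url, state = build_authorize_url("<clientid>", "http://localhost", ["user:read:follows"])
    print("Open in a browser:", url)
```

The token returned by `parse_implicit_redirect` is the user access token that goes into the `Authorization: Bearer` header of the `streams/followed` request; keep it and the fragment URL out of logs and shell history.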

Thank you so much for taking your time to help me, managed to get everything to work now!

Have a great day
