Issue with token after authorization

Please let me know if this is not possible…but in an effort to refactor my personal API I decided to start calling the Twitch endpoints through my API so data can be combined. To do this I direct the user to the auth page and get a bearer token back. I then pass that token to my API in the header. For some reason I get a 401 if I try to use that token at all from my API. I have no idea why as I can’t view a reason in the response. The token works from Postman.

Here is an example of a request I make in my API:

public async Task<bool> ValidateToken()
{
    var response = await client.GetAsync("https://id.twitch.tv/oauth2/validate");
    return response.StatusCode == HttpStatusCode.OK;
}

The HttpClient is created as follows before the validation method is called:

public TwitchService(IHeaderDictionary headers)
{
    StringValues token;
    StringValues clientId;
    var hasToken = headers.TryGetValue("Authorization", out token);
    var hasClientId = headers.TryGetValue("Client-id", out clientId);

    client = new HttpClient();
    client.DefaultRequestHeaders.Add("Accept", "application/json");

    if (hasToken)
    {
        var authToken = token.ToString().Replace("Bearer", "");
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authToken);
    }

    if (hasClientId)
    {
        client.DefaultRequestHeaders.Add("Client-ID", clientId.ToString());
    }
}

This may not be the right place to ask this. If so, let me know and I can move to StackOverflow.

Fixed the formatting on your post for you

The validate endpoint uses the word OAuth, v5/kraken uses the word OAuth, helix/new API uses Bearer.

You are calling the validate endpoint,

So you used the wrong “schema” to call the validate endpoint with.

Thanks for the formatting fix! Interesting. Ok that makes sense for that endpoint, but I have the same issue with the following helix endpoints:

public async Task GetCurrentUser()
{
    var response = await client.GetAsync("https://api.twitch.tv/helix/users");
    var test = 1;
}

public async Task<int> GetFollowerCount(string userId)
{
    var response = await client.GetAsync($"http://api.twitch.tv/helix/users/follows?to_id={userId}");
    return 0;
}

What’s the actual error response? Not just the HTTP code.

I get the following response content:

{"error":"Unauthorized","status":401,"message":"OAuth token is missing"}

I’m confused though because I have confirmed that the header exists before making the request. I have also tried using both ‘Bearer’ and ‘OAuth’ as the scheme.

Have you debugged to ensure that your code is sending the headers in the expected formats via a post bin?

Your code looks correct but I’ve not touched .net in a loooooong while. So we’ll step thru basic debugging

Yep I have debugged and the headers seem correct to me. I refactored a bit to new up a HttpClient specifically for a method call just to see what happens:

private void AddHeaders(HttpClient client)
{
    StringValues token;
    StringValues clientId;
    var hasToken = headers.TryGetValue("Authorization", out token);
    var hasClientId = headers.TryGetValue("Client-id", out clientId);
    client.DefaultRequestHeaders.Add("Accept", "application/json");
    if (hasToken)
    {
       var authToken = token.ToString().Replace("Bearer", "");
       client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authToken);
    }

    if (hasClientId)
    {
        client.DefaultRequestHeaders.Add("Client-id", clientId.ToString());
    }
}

public async Task<int> GetFollowerCount(string userId)
{
    using (var client = new HttpClient())
    {
        AddHeaders(client);
        var response = await client.GetAsync($"http://api.twitch.tv/helix/users/follows?to_id={userId}");
        var test = await response.Content.ReadAsStringAsync();
    }
    return 0;
}

Here are the DefaultRequestHeaders that are added to the HttpClient before the request is made:

{
    Accept: application/json
    Authorization: Bearer  MYTOKEN
    Client-id: kz6qzdszljw10pr9xynwv1acoo7dsy
}

You have a double space in your Auth header. Between Bearer and the token, it should only be one space

Also edited to remove your auth as it’s basically a password and should not be posted publicly

I didn’t realize it was doing that. Strange. I’ll have to see if I can fix that somehow. Also that token should be dead anyways.

EDIT:
I just changed the code to stop adding an extra space to the auth header but I still end up with the same error as before.

{
    "error":"Unauthorized",
    "status":401,
    "message":"OAuth token is missing"
}

Which endpoint is throwing that?
And what does your outbound request look like (headers and all with secrets omitted)?

Above is the endpoint that is throwing it. Here is the outbound request:
{
Method: GET,
RequestUri: 'https://api.twitch.tv/helix/users/follows?to_id=143848419',
Version: 1.1,
Content:
}

You don’t seem to have any headers.

Both a Client-ID and an authorization header are required.

I omitted the headers like you asked. Here is the full request:

{
    Method: GET, 
    RequestUri: 'https://api.twitch.tv/helix/users/follows?to_id=143848419', 
    Version: 1.1, 
    Content: <null>, 
    Headers:
    {
        Accept: application/json
        Client-id: myClientId
        Request-Id: |6f130d93-446199f1a749a8e9.1.
    }
}

Seeing this now, I see that my auth header is not going across in the request even though it is added to my HttpClient. Very strange. So it is getting lost somehow but the clientId doesn’t.

EDIT:
I looked into this now that I realize the request was somehow missing the auth header. Apparently this is by design and the request has to be done again according to this Stack Overflow post and I can confirm that it works:
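
Added example, not part of the thread and not the posters' code: a sketch of "doing the request again" safely, assuming the header was lost because the code above requested `http://api.twitch.tv/...` and the client followed the redirect to the `https://` URI seen in the request dump. `FakeApi`, `GetWithAuth`, `api.example.test` and `SAMPLE_TOKEN` are constructed for the example so it runs offline.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Constructed stand-in for the remote API: http:// gets a 301 to https://,
// and https:// answers 401 unless the Authorization header carries the sample token.
class FakeApi : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage req, CancellationToken ct)
    {
        if (req.RequestUri.Scheme == "http")
        {
            var redirect = new HttpResponseMessage(HttpStatusCode.MovedPermanently);
            redirect.Headers.Location = new UriBuilder(req.RequestUri) { Scheme = "https", Port = -1 }.Uri;
            return Task.FromResult(redirect);
        }
        var ok = req.Headers.Authorization?.Parameter == "SAMPLE_TOKEN";
        return Task.FromResult(new HttpResponseMessage(ok ? HttpStatusCode.OK : HttpStatusCode.Unauthorized));
    }
}

static class Program
{
    // Sends the request and, on a redirect, repeats it with the Authorization header
    // only when the target is https on the same host, so the token never goes elsewhere.
    static async Task<HttpStatusCode> GetWithAuth(HttpClient client, Uri uri, string incomingHeader)
    {
        // TryParse splits "Bearer <token>" into scheme and parameter with no stray space.
        if (!AuthenticationHeaderValue.TryParse(incomingHeader, out var auth))
            throw new ArgumentException("Malformed Authorization header");
        for (var hop = 0; hop < 3; hop++)
        {
            using var req = new HttpRequestMessage(HttpMethod.Get, uri);
            if (uri.Scheme == Uri.UriSchemeHttps)   // never send the token over plain http
                req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", auth.Parameter);
            using var resp = await client.SendAsync(req);
            var next = resp.Headers.Location;
            if ((int)resp.StatusCode / 100 != 3 || next == null) return resp.StatusCode;
            if (!next.IsAbsoluteUri) next = new Uri(uri, next);
            if (next.Scheme != Uri.UriSchemeHttps || next.Host != uri.Host) return resp.StatusCode;
            uri = next;
        }
        throw new HttpRequestException("Too many redirects");
    }

    static async Task Main() => Console.WriteLine(await GetWithAuth(new HttpClient(new FakeApi()),
        new Uri("http://api.example.test/helix/users/follows?to_id=1"), "Bearer SAMPLE_TOKEN"));
}
```

Against a real server, build the client on an `HttpClientHandler` with `AllowAutoRedirect = false` so this loop sees the 3xx response itself; requesting the `https://` URL in the first place avoids the redirect altogether.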
