Keep getting missing client_secret when using Twitch API (OIDC Authorization Code Flow)

yingluwang · February 10, 2018, 10:14pm

Hi,
I am trying to use Twitchtv API to get online users. I am just at the very first step. I have registered an application and got Client ID. I use OIDC Authorization Code Flow to authenticate my registered redirect URI.

I put the below URL in the web browser to get code: https://api.twitch.tv/kraken/oauth2/authorize?client_id=&redirect_uri=http://localhost&response_type=code&scope=channel_read+channel_stream+user_read+user_subscriptions+openid

Then I extract code from Redirect URI.

Then I put the below code into Mac Terminal: curl -X POST https://api.twitch.tv/api/oauth2/token?client_id=&client_secret=&code=&grant_type=authorization_code&redirect_uri=http://localhost

But instead of getting a JSON response with access token, refresh token (etc.) information, I get {“error”:“Bad Request”,“status”:400,“message”:“Missing required parameter “client_secret””}

I have been struggling this for two days…I also tried OAuth Authorization Code Flow but got the same result.

Also, when I click New Secret (to get my first client secret), do I need to click submit?

I guess there might be some problems with (a)redirect URI or (b)“curl -POST” in terminal or ©Client Secret…

Anyone can help…?

Dist · February 11, 2018, 1:04am

The reason you’re getting a 404 is because you’re POST’ing to the wrong URL. https://api.twitch.tv/kraken/oauth2/token should be https://api.twitch.tv/api/oauth2/token

POST https://api.twitch.tv/api/oauth2/token
    ?client_id=<your client ID>
    &client_secret=<your client secret>
    &code=<authorization code received above>
    &grant_type=authorization_code
    &redirect_uri=<your registered redirect URI>

yingluwang · February 11, 2018, 1:33am

Hi! I corrected it according to your reply but still got the same result…

BarryCarlyon · February 11, 2018, 11:02am

as per OIDC Authorization - Bad Request - PHP

Check your headers are right.

Personally I’m running (for nodeJS Express/Request)

    var code = req.query.code ? req.query.code : false;

        request.post({
            url: 'https://api.twitch.tv/api/oauth2/token'
                + '?client_id=' + config.twitch.client
                + '&client_secret=' + config.twitch.secret
                + '&code=' + code
                + '&grant_type=authorization_code'
                + '&redirect_uri=' + config.twitch.redirect,
            headers: {
                'Accept': 'application/json'
            },
            gzip: true,
            json: true
        }, function(e, r, b) {
            if (e) {
                console.log(e);

                return;
            } else if (r.statusCode == 200) {

system · March 13, 2018, 11:02am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.