Missing required oauth scope

murnux · August 31, 2018, 4:04pm

I am trying to update the title and game of a stream using the kraken api from my twitch chat bot.

I am getting a 401 response with the message: “missing required oauth scope”

I am using Golang as the language, below is the relevant code:

var dataToSend = []byte(`{"channel": {"status": "The Finalest of Fantasies", "game": "Final Fantasy XV", "channel_feed_enabled": true}}`)

fmt.Println("Channel: " + channelID)
url := "https://api.twitch.tv/kraken/channels/<channelID>"
req, _ := http.NewRequest("PUT", url, bytes.NewBuffer(dataToSend))
req.Header.Set("Client-ID", "<bot client id>")
req.Header.Set("Authorization", "OAuth <channel oauth>")
req.Header.Set("Accept", "application/vnd.twitchtv.v5+json")
req.Header.Set("Content-Type", "application/json")

Thanks for any help everyone!

BarryCarlyon · August 31, 2018, 5:58pm

You are specifying a Channel oAuth that does not have the relevant scope applied

You must get a oAuth

for channel <channelID> with the scope channel_editor

It sounds like you are using

for bot of <userID> with no useful scopes update <channelID>

As documented:

murnux · August 31, 2018, 9:50pm

Thanks, that fixed it.

The bot is open source, and the user would host the bot themselves, so they need an OAuth token.

Do they have to manually create the oauth token with all of these scopes, or is there a way the bot can automate that?

Dist · August 31, 2018, 10:47pm

A bot can host a local site to allow the user to go through the OAuth flow and get a token, but it will always require user interaction initially as the user has to accept connecting to that app. Once you have an access token for a user though, the app can use the refresh token to get a new access token when the old one expires without user intervention (unless they revoke the token in the future).

BarryCarlyon · August 31, 2018, 10:52pm

Further more.

If the bot is open source, with the intent to download and run a copy, as apposed to contributing via PR requests, you would probably, want users to create and apply their own Client ID and Secret keypair in order to not leak your own secrets, for the purpose of generating oAuth tokens/bearers and Refreshes thereof

system · September 30, 2018, 10:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.