OAuth client-secret invalid after oauth_receipt

I am having issues generating an OAuth code after enabling my extension with oauth_receipt endpoint where I keep getting invalid_client_secret error.

Steps taken:

  1. User authorises exstension
  2. Save param ‘code’ for later
  3. post to https://api.twitch.tv/extensions/<extension id>/0.0.1/oauth_receipt?channel_id=<channel id>
    with header “Authorisation”: Bearer <token>
  4. Endpoint returns 204
  5. post to https://api.twitch.tv/kraken/oauth2/token?client_id=<extension id>&client_secret=<urlencoded secret>&code=<code received from 1.1>&grant_type=authorization_code&redirect_uri=<urlencoded url>


"error": "Forbidden",
"status": 403,
"message": "Invalid client secret"

The <client secret> that I am using is the one generated from https://api.twitch.tv/extensions/<extension ID>/auth/secret
Which I assume is not the correct client secret I am looking for, can anyone shed some light on this?

The Extension dashboard doesn’t show you the Client Secret (but does the RedirectURI).

Obtain the Client Secret from: https://dev.twitch.tv/dashboard/apps/MYEXTENSIONID/edit like a Traditional App.

I raised this issue with the devs at TwitchCon so I know a ticket is in.