OAuth Problems, probably my own fault anyway :/

So, what i am trying to do: still uploading a video
Where it hangs: OAuth, i get a
[401]Unauthorized - invalid oauth token

To be fully transparent and if you have to much time, here the complete code i am using Github

I obtained an OAuth Token with the usual

auth_endpoint = "https://id.twitch.tv/oauth2/token"
scope = "channel:manage:videos user:read:email collections_edit channel_editor user_read"
auth_endpoint = "https://id.twitch.tv/oauth2/token"
            payload = {
                "client_id": self.client_id,
                "client_secret": self.secret,
                "grant_type": "client_credentials",
                "scope": scope,
r = requests.post(auth_endpoint, data=payload)

Notice how scope is a hot mess of v5 and helix scopes but apparently the system gives me a valid oauth token that is secretly a bearer back. When i validate that thing it gives me that exact scope as well. So apparently that mess is valid. I tried first with just channel_editor cause that is what i need per the docs. I then added user_read cause i thought that it might need that to authenticate what user is present

Anyway, i then proceed to make the call:

twitch_endpoint_v5 = "https://api.twitch.tv/kraken/"
twitch_video_upload = "https://uploads.twitch.tv/upload/"
self.headerv5 = {
	"Accept": "application/vnd.twitchtv.v5+json",
	"Authorization": f"OAuth {self.token}",
	"Client-ID": self.client_id
url = f"{twitch_endpoint_v5}videos"
payload = {
           "channel_id": "<INT>",
           "title": title,
r = requests.post(url, data=payload, headers=self.headerv5)

i also tried to create a random collection just for the heck of it, acquiring another token but the result is the same. Conclusion on my part: i did something with the token wrong, its either the method how i obtain it or there is some intermediary step i have to do. But the question is…what?

Kind regards

You need a user token not a server to server token.

You generated a token that doesn’t represent anyone/a user.
Then tried to upload a video as “no user” so there was no user to own the video.

Also you requested user:read:email/user_read on a token that can’t have a user.

You need


TLDR: You have the wrong type of token.

“OAuth” and “Bearer” are just “prefixes” that kraken and helix return. Any token is an “OAuth Token” and is a “Bearer Token”. It’s not secretely anything it’s just an oAuth token.

No that doesn’t make a user be present in the token, that grants access to non public information about the user (in this case the email) when generating a regular user token.

But client_credentials doesn’t have a user attached to it.

The validate endpoint didn’t return a UserID in the response though did it?

1 Like

Currently not at the pc, so no testing done yet.
I have seen the other auth method and it said something of localhost.
But, if i see that right i need to spin up a Webserver and write some roundabout php stuff just to get an auth token for a program that is ever only used by one person per time. I have problems understanding that and wrap my head around this. Why can’t i just generate a token inside my account but instead need to design a whole key generation infrastructure around something.
The answer is most likely security but i am really questioning my intelligence for just not getting it

Becuase Twitch doesn’t provide a way to do that.

The Console doesn’t have a “give me a token for my account” system.

There are third party third party token generators or you can just grab/write a script.

I have a “one page” PHP example on https://github.com/BarryCarlyon/twitch_misc/tree/main/authentication/user_access_generator which might save you timed, (or a nodeJS one if that takes your fancy)

You’ll need to generate a token via the web flow.
Then when that token dies use the refresh token to get a new token.
If the refresh token is dead then you’ll need to web flow again

1 Like

I will try that and report back

Thank you anyway for your continued effort

To the surprise of noone this works of course, i am still a bit miffed that the process is fairly complicated and that i cannot just let my program zombie around since client tokens are rather short lived. I could set a cron job to extend them every 2 hours but is that the way its supposed to be?

A “regular” user token is only valid for four hours.
And you only need to refresh it when you need it.

So you only need to use the refresh token to get a new access token when you are about to go and upload a video, not every 2 hours.

But yes you can use a cronjob to do it every 2 hours.

I have a cronjob that runs every 15 minutes and checks the expiration time on the token

And if it’s less than 30 minutes, then I make a new token. Thats for “high use tokens”

For chat bot tokens I refresh when the bot restarts and needs to connect to chat, since the token only needs to be valid when the bot connects to chat. Then the bot will internally use an app access token to call public data (like stream titles)

This is “industry standard” oAuth. Sure Twitch’s token expiration is potentially shorter than other sites.

But once you have learned oAuth then the exact same code works on a multidue of sites. You just have to plug in a different set of keys and the URL’s

So with a template you can get (off the top of my head)

  • adobesign
  • discord
  • ebay
  • elite dangerous
  • github
  • mixer (yeah it’s dead now)
  • shopify
  • slack

these all use the same base code I jsut feed it different URL’s and lists of scopes

(not Tiwtter that users oAuth 1.0a which works differently)

Whta doesn’t work, what error are you getting for which request?

I would not dream to say that the standard is bad or anything, i already expected that its “complicated” for a reason, its just a personal dumbness that i struggle with the process. As per usual i had an interesting idea and just wanted to dive into it and was a bit annoyed that i encountered a hard stop that served as a serious diversion. But you are right, the knowledge i found here will be of use for me for other projects.

Whta doesn’t work, what error are you getting for which request?

oh, i am sorry, we have a missunderstanding here. Everything works just fine after i did the correct authentication and i proceeded with my stuff. I greatly appreciate your pointers.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.