Oauth2 authentication getting "Forbidden - CSRF token invalid"

I’m working on a login in a Android App which loads the authorize page via WebView.

My URL looks something like this:


The login form loads fine in my app but once I try to login with any account i get a blank page with only 1 line of text “Forbidden - CSRF token invalid”

Earlier I had this exact same setup working, but now it throws this error. Sign Up results in the same. New ClientId/App doesn’t help either.

Any idea what I’m doing wrong? I’m getting a redirect to passport.twitch.tv but I don’t see any csrf_token in there just my client id (twice weirdly)

Looks kinda weird:

https://passport.twitch.tv/sessions/new?client_id=CENSORED&redirect_path=https://api.twitch.tv/kraken/oauth2/authorize?action=authenticate&client_id=CENSORED&redirect_uri=http%3A%2F%2Flocalhost&response_type=token&scope=user_read+chat_login&redirect_uri=http://localhost&response_type=token&scope=user_read chat_login

Replying myself because I’m retarded.

The oauth login requires javascript!

This line:

twitchLogin.settings.javaScriptEnabled = true

was commented out. So make sure to enable Javscript for your webview when you make a login field.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.