OICD 'missing client id' when fetching access and ID token


I’m following the docs on OICD authorization, and after successfully being redirected to my redirect-URL with the OAuth 2.0 authorization code, I’m failing at the following part:

On your server, get an access token and ID token by making this request:

json POST https://id.twitch.tv/oauth2/token?client_id=< your client ID >&client_secret=< your client secret >&code=< authorization code received above >&grant_type=authorization_code &redirect_uri=< your registered redirect URI >

my POST request URL within Postman looks like this: https://id.twitch.tv/oauth2/token?client_id=[my-client-id]&client_secret=[my-secret]&code=[the-oauth-code]&grant_type=authorization_code&redirect_uri=http:localhost:3000/users/auth/twitch/callback

(There are no unwanted spaces or anything like that, I checked numerous times already)

But I’m getting a 400 status response with the message missing client id.

I noticed that if I add Client-ID <ID> to the headers, I get a response of missing client secret.

Why does the endpoint read headers when it’s specified in the docs that the details are supposed to be passed as query params, or is there something wrong with my request (URL)?

Even just this POST request gets the same error message: https://id.twitch.tv/oauth2/token?client_id=[my-id] so apparently query params are completely being ignored.

What the right way to pass the required properties?

Thanks in advance. :slightly_smiling_face:

Coz Twitch is weird at times.

Postman web or postman desktop.

Postman web can be weird
And postman might inject it’s own crap

You might want to compare what you are doing with this example server application

I don’t see anything obviously wrong with what you have written, so I don’t know if postman has done a weird or something else is going on.

I wonder if you turned on “oAuth” in the Postman settings and didn’t populate oAuth
So the clientID you specify in query string is being override by the unset one in postman oAuth settings.

Personally I use insomnia over postman and I don’t test oAuth stuff in the tester client I build my webcode for it instead.

As the documentation shows.

So it’s a POST submission, posting the items as query string or “normal” URL Encoded Post Form.

I tried it within my Node app and it worked, so maybe it’s related to Postman. Also, I had a typo inside my redirect_uri, but I don’t think that that was the issue. It’s fixed now, thank you. :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.