OIDC requests do not appear to be working as expected

I’m using the OIDC Authorization code flow, but I’m not getting the JWT back.

I’m sending the user to:
https://api.twitch.tv/kraken/oauth2/authorize?response_type=code&client_id=<my client id>&redirect_uri=<my redirect url>&scope=openid&state=<16-character unique key>&nonce=<different 16-character unique key>

I’m then getting back the code, which I’m submitting to Kraken. But then I only get:
{ "access_token":"<numbers>", "refresh_token":"<more numbers>", "scope":["openid"] }

I’m not getting the expires_in or (more importantly) the id_token values, so I can’t then verify that token against Twitch’s JWT.

Can anyone see what I’m doing wrong here?

You exchange the access_token like a normal OAuth via:

NodeJS/Express

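    const request = require('request');

    // `config` and `code` come from the surrounding app: the client settings
    // and the ?code= value received on the redirect.
    request.post({
        url: 'https://api.twitch.tv/api/oauth2/token'
            + '?client_id=' + encodeURIComponent(config.twitch.client_id)
            + '&client_secret=' + encodeURIComponent(config.twitch.client_secret)
            + '&code=' + encodeURIComponent(code)
            + '&grant_type=authorization_code'
            + '&redirect_uri=' + encodeURIComponent(config.twitch.redirect),
        headers: {
            'Accept': 'application/json'
        },
        json: true,
        gzip: true
    }, function(e, r, b) {
        if (e) {
            return console.error(e);
        }
        // b is the parsed JSON response body
        console.log(r.statusCode, b);
    });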

You don’t send it to https://api.twitch.tv/api/kraken/token but https://api.twitch.tv/api/oauth2/token

Worked it out. Need to exchange the code with /api/ not /kraken/ to get OIDC.

Yep - we’re working on moving away from the Kraken namespace and this is one of the changes for that. Thanks!
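
Once the exchange returns an id_token, the client still has to check it before trusting the login. The following is an added example, not part of the original thread and not Twitch's code: it rejects a token response with no id_token (the shape quoted in the question) and otherwise verifies the signature, iss, aud, nonce and exp. RS256, the issuer URL, the client id, the nonce and the throwaway key pair are assumptions constructed for the example; in real use the public key comes from the provider's published signing keys.

```javascript
const crypto = require('crypto');

// Decode one base64url JWT segment into a JSON object.
const decodeSegment = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// `expected` holds the issuer, client id and the nonce saved when the user was
// sent to /authorize; `publicKey` is the provider's signature verification key.
function validateTokenResponse(body, expected, publicKey, now = Date.now() / 1000) {
    // scope=openid without an id_token is a failed OIDC login, not a success.
    if (!body || typeof body.id_token !== 'string') {
        throw new Error('no id_token in response');
    }
    const parts = body.id_token.split('.');
    if (parts.length !== 3) throw new Error('malformed id_token');
    // Pin the algorithm; never let the token header choose it.
    if (decodeSegment(parts[0]).alg !== 'RS256') throw new Error('unexpected alg');
    const ok = crypto.verify('RSA-SHA256', Buffer.from(parts[0] + '.' + parts[1]),
        publicKey, Buffer.from(parts[2], 'base64url'));
    if (!ok) throw new Error('bad signature');
    const claims = decodeSegment(parts[1]);
    if (claims.iss !== expected.issuer) throw new Error('iss mismatch');
    if (![].concat(claims.aud).includes(expected.clientId)) throw new Error('aud mismatch');
    if (claims.nonce !== expected.nonce) throw new Error('nonce mismatch');
    if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
    return claims;
}

// --- Constructed sample data: throwaway key pair and tokens, not Twitch's ---
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
function makeSampleToken(claims) {
    const signingInput = b64({ alg: 'RS256', typ: 'JWT' }) + '.' + b64(claims);
    const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
    return signingInput + '.' + sig.toString('base64url');
}
const expected = { issuer: 'https://issuer.example', clientId: 'example-client-id',
    nonce: 'n-0123456789abcd' };
const goodClaims = { iss: expected.issuer, aud: expected.clientId,
    nonce: expected.nonce, exp: Math.floor(Date.now() / 1000) + 300 };
const goodBody = { access_token: 'x', scope: ['openid'], id_token: makeSampleToken(goodClaims) };
// Shape of the response quoted in the question: openid scope but no id_token.
const krakenStyleBody = { access_token: 'x', refresh_token: 'y', scope: ['openid'] };
```
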