[PHP] Can't get Access Token

API
1

I’m trying to get my OAuth access key using the Twitch API (I must admit it is such a long winded way compared to previously).

Here’s what I have so far and it just returns absolutely nothing - obviously my ID/Secret/Code is stored in the appropriate variables.

// Get OAuth part 2
$url = "https://id.twitch.tv/oauth2/token";
$fields = array(
    "client_id" => $ClientID,
    "client_secret" => $ClientSecret,
    "code" => $auth,
    "grant_type" => "authorization_code",
    "redirect_uri" => $redir
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,  $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
$output = curl_exec($ch);
print_r($output);
curl_close($ch);

Am I doing something wrong? Apparently the URL returns a 404 error so I read that you had to do a POST request using CURL. But still nothing.

Any help would be appreciated. Everything I’ve read on these forums hasn’t worked.

2

This example might help you

The only difference between mine and yours is that yours is doing

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));

and mine is just

curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);

But that wouldn’t generate a 404 unless PHP is messing about somewhere. Unless you were getting the 404 with a GET request, it’s unclear if your current error is a 404 or not. (You got a 404 and switched to POST and now getting a different unspecified error, which means it’s your POST field encoding)

I run

        $ch = curl_init('https://id.twitch.tv/oauth2/token');
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, array(
            'client_id' => CLIENT_ID,
            'client_secret' => CLIENT_SECRET,
            'code' => $_GET['code'],
            'grant_type' => 'authorization_code',
            'redirect_uri' => REDIRECT_URI
        ));
3

I think i resolved the issue. I tried to return the error that CURL was giving and it said: “unable to get local issuer certificate”

A quick google search returned that I should add the following params:

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

I did this and now it seems to be working. Maybe I shouldn’t have jumped the gun and made a post about it - I normally only do so as a last resort - but at least if others see it they might benefit from the answer.

–EDIT–
This was a temporary solution that I had when building on a localhost environment without HTTPS. Do not do the above in a live environment - instead make sure your SSL Certificate is up to date. Thanks to BarryCarlyon for the heads up.

4

NO DO NOT DO THIS.

IF YOU NEED TO DO THIS THEN YOUR SSL BUNDLE IS OUT OF DATE AND SHOULD BE UPDATED

5

Would this matter if I was only testing on a non https localhost? I’d assume once I moved this to my website that has an SSL I probably wouldn’t have had the issue no?

6

You should fix your localhost, otherwise localhost is not a good model of production.

And you’ll end up forgetting to remove your “localhost specific code” and break productions security, since the code you are adding introduces a security vulnerability

7

Thanks… I’ll bear this in mind… and I’ll also mark yours as the solution since mine is a temp workaround which could have negative repercussions for the average user.

8

This error usually means you have something “out of date”

Either PHP itself, cURL, or it’s cert bundles.

Fixing that depends on which platform you are on

It’s usually only a “problem” on certain windows setups (WAMP)

So you’ll need to find the fix for your specific platform

9

Yep, I was using WAMP :slight_smile:

10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.