Some help regarding OAth and validation

Hello everyone i have a good knowledge regarding programming but in terms of connections e.t.c i’m amateur. I’m trying 2 days now to follow this: Authentication | Twitch Developers
and make a code so i can get data from specific users via JSON but i fail.

So far i managed to generate a client-id but afterwards i don’t know what i need to do to continue. I cannot understand this “Bearer” oath thing it requires and how i get mine.

Is anyone able to give me a hand. Thanks in advance.

After obtaining a ClientID you then build an oAuth flow.

That oAuth flow is a webpage that users go to
They click a link
That link takes them to Twitch
They accept (or decline) to share data between their twitch account and your Application.
Then depending on the flow they return to your site with a ?code= that you can exchange for an access token, or a #access_token you can then use to make requests with.

This is generally what you do for apps that are pure front end JS you use implict auth and get the #access_token version

If you need to do actions as a user on a server then you use regular oauth and get the ?code= to exchange for an access token (and refresh token) so you can then do “offline processing”

If you are only dealing with public data and have a server, then you generate an app access token and use that for server to server requests. So to lookup user data, a user fills in a form on your website thats posts to your server and the server makes the call to Twitch and processes the response.


Is a bit vauge on what you are trying to do.

If you already have a list of users then an App Access Token works on a script/server to collect this data.

If you want people to login to your site and you get that persons data then you need an oAuth flow that logs the user in

Thank you for your fast response first of all. I’m using java and i really can’t understand the links of those redirects in order to obtain an auth code. Guide in twitch is kinda unfriendly for new developers.

As i said i already created my Client-ID and my Secret ID from Twitch Developers.

Now i guess i need to use some url to add those 2 id’s as header and request some Bearer code?
That what i’m asking the steps until the moment that i can do a HTTP request and get data for users.

Thank you again for your time.

A little but it’s “industry standard oAuth” so it roughly follows the oAuth specific used by many sites/services to create links between Client’s and Users.

What are you actually trying to do.

I outlined three different authentication methods in my first reply and the one to use depends on what you are doing.

If you have the username or ID then you can use an App Access Token to load publc data

If you want to get information about the logged in user then you use token you got from the authentication loop.

The simplest is this implict auth example, which just needs a WebBrowser and Javascript. No java involved

However this authentication method is probably not suited to what you want to actually do.

I basically want to create a code for a “emulator game” i have which get the streamer data and twitch channels info. So basically i want query a twitch channel and get it’s info + the user’s info (the owner of the channel). Those i need.

So i followed your link and i received a token:
Your Access Key from the #url: lfx6vel#################

I guess this is the Bearer they say? So i guess i do a request for a twitch channel?

PS. I Tried use it like this

URL obj = new URL("");
			HttpURLConnection con = (HttpURLConnection) obj.openConnection();
			con.setRequestProperty("Client-ID", "1mnq9hg20ml####");
			con.setRequestProperty("Authorization", "Bearer lfx6velftvo8####");


But it says “Unauthorized”

Does setRequestProperty set a header?

Yes it does, in Java setRequestProperty set a connection header.
Still i don’t get why it don’t work. I used my client-id and the auth code it generated from your site.
Maybe it has something to do with Bearer? How we use this thing anyway

You can’t do that

If using my example generated token you have to use my clientID.
You can’t use your ClientID with a token generated from the implict auth example

But then it would return a body message of “clientID and token don’t match”

Sounds like here you out putted an intrepreted message instead of the body of the error response

You’re right, now i got the body of the respond:
{"error":"Unauthorized","status":401,"message":"Client ID and OAuth token do not match"}

What should i do in this case?

Either use my ClientID

Or use your clientID and generate your own token to use.

This is the main problem i mentioned, how i generate my Bearer token with my clientID?

I provied an example

For other token types there is examples on the same github.

Or you can refer to the documentation that provides the relevant calls for the various token types

Can you provide me your Client-ID to do 1 test and check if it work (if i can fetch a channel name or so)

It’s literally in the source code hozgh446gdilj5knsrsxxz8tahr3koz

Great it works, this client-id and Bearer do expire? Can i use them for my game?
Also those allow to fetch a user info?

You shouldn’t use a token generated from someone elses token generator

Like I said in my original post depends on your work flow

If you need to get data from information you have such as a name/ID then any token works

If you need data about the logged in user then you need a user token, like how the implict example works

Thank you very much for your time. I still haven’t understand how i generate my own Bearer but i used yours.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.