Unauthorized subscription on own channel

Good morning,

I’ve been having some trying to make this part work. I’m trying to generate subscriptions that require scopes to work. I’ve already set up some of the scopes I was interested on, and I tried to check, but seems like it gives me a forbidden error when I try to create this subscriptions, like I don’t have enough rights.

I’m using my own channel for this testings, but as I could read from part of the Authorization section of the Twitch API, there’s an authorization that requests another channel to grant permissions to the bot. I tried to get the token with this method, but Twitch tells me that this token is not valid. I already used the validate path to check this token before and retrieved the information. I was wondering which is the exact purpose of that token.

Which API or Product are you trying to use?

What calls did you make and what was the response?

I’m trying to use EventSub.

Sorry, seems like the bearer token liked to troll me. Seems like now is working. I regenerated again the code after at least 30 min and seems to work fine. I don’t know if it has something to be with the changes on scopes or with the privileges being granted after the token generation.

Anyway, as I asked on the last part, could I know the purpose of per user (or as it seems to me but I don’t exactly know) bearer tokens? I mean using this authorization. I don’t know if the permissions are granted and then the next bearer tokens can be used on that channel, and that could be way it started working now, or if the token that I get after this authorization has something special.

I get the following JSON with the information of the token by the retrieved code:

    "access_token": "REMOVED",
    "expires_in": 15738,
    "refresh_token": "REMOVED",
    "scope": ["bits:read", "channel:read:hype_train", "channel:read:redemptions", "channel:read:subscriptions", "user:read:email"],
    "token_type": "bearer"

Even having the scope and being a bearer token, gives me the next JSON when trying to make a subscription using it:

    "error": "Unauthorized",
    "status": 401,
    "message": "Must provide valid app token."

Edit: Sorry, I already had in my mind about removing the tokens, but my head is just messed up. Anyway luckily it’s just a test bot without oficial porpuse, so I can’t delete it just in case.

To create subscriptions on EventSub you msut use an App Access token, as the error states

App Access is also referred to as Client Credentials

You must first have created a user access token with the required scopes.

I wrote a blog post about it here How does Twitch’s new EventSub work? – Barry Carlyon

Essentially you use two access tokens of two different types. One to get permission to read, the second to actually talk to eventsub

I also redacted your token, you should never leak a generate token or refresh token.

The token is already generated. As I said, now it started working now, but using a generated token that I got through my client id and secret. My actual issue and bewilderment is with the one that is generated and gotten using the code sent to the HTTP server through the redirect URI when you give a link to a streamer. I don’t know if this token should be functional, if it should be able to grant rights to make queries or if it just allows certain type of queries.

Yes thats an App Access Token Getting OAuth Access Tokens | Twitch Developers

This token can be used to make requests to the Helix API

But EventSub only uses an App Access Token to create subscriptions. Theoretically you could generate and forget about the user token.

You need to have had the streamer grant (scoped) access between their account and the ClientID.

Twitch uses the App Access Token to see if the user has connected the app with the relevant permissions.

In stead of checking if the token has the required permissions.

It can make things a little easier when you only have to back and forth with one token for all streamers connected to your app, for event sub puproses.

Perfect, that’s what I needed to know. I was just trying to use this token as the previous one wasn’t working, probably, as I said before, cause I gave permissions to the ClientID after generating the new token. Tysm.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.