User Authorization to validate/confirm twitch username

Hey there,

This is my first time messing with the twitch API and I’m a little lost. Right now I have a button that links to the following:;client_id= <CLIENT ID> &amp;redirect_uri= <LOCALHOST>

to authorize my app. I’m getting back their access token, but what I want to happen essential is just be able to validate that the user is who they say they are. Get their username or ID and then use<CHANNEL> to check basic info.

Right now I’m getting back an access token but I’m not sure what to do with it after reading the docs to get the info I want. There isn’t anything I need in the scopes section so I’m just a bit lost. Any help is greatly appreciated in steering me in the right path.

You should use the Get Users endpoint

If you send a request to that endpoint without specifying an id or username it’ll return the details of the user associated with the access token.

Thanks for the reply, Dist!

when trying to curl that endpoint with the response token I’m getting :
“error”: “Bad Request”,
“status”: 400,
“message”: “Must provide an ID, Login or OAuth Token.”

I used the endpoint:

my Headers:
Client-ID: <CLIENT ID>,
Authorization: Bearer <INITIAL RESPONSE TOKEN>

Finally figured it out!
Thank for leading me down the right path @Dist.

For posterity:
Use the new Helix API instead. Request a token with the code. (Docs link from @BarryCarlyon below) Then use that to get the user’s ID/username. And finally with API v5 make a call to the channel you’re requesting for the basic info.;client_id=<CLIENT ID>&amp;redirect_uri=<REDIRECT>&amp;scope=<SCOPE>

In your OP you were using the “old” version of the authentication system.

You should be using

You should still use code.

token is for OAuth Implicit Code Flow
code is for OAuth Authorization Code Flow
client_credentials is for OAuth Client Credentials Flow

Token as a auth method is more for apps that you release the application to be downloaded (such as mobile apps) you don’t get a refresh token. It works but generally the oAuth Authorization flow is preferred.

It sounds like you were calling the code flow and then not exchanging the code for a token (post 2).

You should refer to

to be sure you are obtaining the right kind of tokens for your Application. The one you are using, the codes expire and cannot be refreshed by your application

@BarryCarlyon you’re right, I ended up mixing the two initially.

Thanks, for the info! Just updated it.

question though.

I’m making a bunch of calls at the moment right now with that setup, is this just the way it is to get what I need?


That looks about right yes

1 Like

Sweet, just wanted to confirm. Thanks a million!


Step 1 isn’t a GET it’s a REDIRECT

You send the user to Twitch to auth and come back

Whoops, my bad that’s what I meant haha. I’ll edit my post

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.