Twitch bot - 401

API
1

Yo!

Im trying to build a twitch bot with help of google etc. But Im getting

API Status Code: 401
API Response: {“error”:“Unauthorized”,“status”:401,“message”:“Invalid OAuth token”}
Error while fetching moderators. Status Code: 401

When trying to get moderators with the API. I am 100% sure OAuth token is correct and its not expired. I am trying to make !addcmd to only mods and I cant get it to work. And I think the biggest issue is that I cant get the API to work.

What could it be, why is it Unauthorized if I know that the OAuth is correct and so is the Client_id?

2

You did generate an oAuth token and are not trying to use your client secret as a token? And you also have created a user access token and not a client credentials token?

The usual flow is this one

And that token’s user ID is the channel you are trying to read the moderators of?

The Get Moderators API will require a user token with moderation:read or channel:manage:moderators (usually the former scope)

And if I want to read fred moderators I need a token from fred

3

I have generated an OAuth token with the help from the Client ID token I got from creating the “app” on dev.twitch.tv and I am not using the client secret.
What do you mean by user access token? You dont mean the client id I m getting from the app page?

I do have those scopes in that generated OAuth token yes.

Hmm, have I missunderstood completelty, the CLIENT_ID in the code, should be the channel Im connecting to and not the apps client id? Holy shit, Im getting confused now :smiley:

4

No

The channel you want to read the moderators of, has to login with twitch with your client ID.

So the streamers needs to grant permission to your client to read moderators

Who owns the clientID is irrelevant.

So I have a client ID foo
If I want to read cohhcarnage’s moderators, I ask cohhcarnage to go to my website and login with Twitch, granting the relevant scopes.

So cohhcarnage creates a link between his account and my clientID
Then I use the resultant oAuth token to read cohhcarnage’s moderators.

cohhcarnage does not have to create his own clientID.
Just needs to gran access to my clientID to his account

A user access token is generated from clientID/clientsecret/user interaction set

So:

  • user goes to your website example: https://chatbot.barrycarlyon.co.uk/
  • user clicks on “Connect with Twitch” in this case the “New/Refresh Broadcaster Login” button, as this is the “main scopes set” link for my chatbot
  • user is sent to Twitch
  • user accepts (or declines) the link request betwee their account and my clientID.
  • user is redirected back to my website
  • I grab the ?code and with the client secret, exchange it for an access token and refresh token.

That in a nutshell is how oAuth works.

This sounds like you generated a client credentials token aka app access token which doesn’t represent a Twitch user. So cannot be used to call “Get Channel Moderators”

See Authentication | Twitch Developers

5

Holy moly. I thought I had all figured out. So I have the wrong client id, lets start there. I am using this layout as Using OIDC to get OAuth Access Tokens | Twitch Developers says:

https://id.twitch.tv/oauth2/authorize
    ?response_type=code
    &client_id=hof5gwx0su6owfnys0nyan9c87zr6t
    &redirect_uri=https://localhost:3000
    &scope=channel%3Amanage%3Apolls+channel%3Aread%3Apolls+openid
    &state=c3ab8aa609ea11e793ae92361f002671
    &nonce=c3ab8aa609ea11e793ae92361f002671

But the client id I put in is from the app, so thats wrong? How do I know what client id I should say?
And if I had the correct client id, with the correct scopes, I get an access_token wich is my OAuth key, correct?

Sorry for beeing slow but well, I just started, duuh :smiley:

6

You use the client ID from your dashboard at

hof5gwx0su6owfnys0nyan9c87zr6t is the code examples clientID you should substitute this for your cleintID.

Also generally you wouldn’t use OIDC here but you can.

7

Yeah the client ID from inside the app I have started or?

What should I use instead of OIDC?

8

Normally Authorization code grant flow

9

Alright lets see if I have understood correct:
1 Create app and get the client ID
2 Go to the website that I linked before with the client ID and correct scopes
3 Then I get the OAuth

But you said I should use the app client id but I cant really find any else?

10

The App client ID is the Client ID for your App(lication)

It’s not a “seperate” thing to a “client ID”

11

Alright alright! So I should use the client ID for my app, but I dont have a client id at the link you linked.

12

Assuming you have created a clientID

image
image1313×434 45.7 KB

Click manage on your application

13

Yeah, and when I click the manage there is my name on the “app”, redirect URL, catagory and the Client-id.

14

So the client ID you need is that clientID…

15

Yeah, so I have had the correct client id all the time.
so when I have generated that oauth key, what “url” do I open with my streamer account, not the bot account.

16

What do you mean by oAuth key?

refer to the documentation

something like

https://id.twitch.tv/oauth2/authorize
    ?response_type=code
    &client_id=YOURCLIENTID
    &redirect_uri=YOURREDIRECTURI
    &scope=moderation:read+OTHERSCOPESIFNEEDED
17

By OAuth token I mean:

[Album] Imgur: The magic of the Internet

Alright, so if I do it like that, and the answer I get from that URL, the access token, is the oauth key, no?

18

The answer from that URL contains ?code=

You then exchange the code for an access and refresh token

See Use the authorization code to get a token

19

Trying to: https://id.twitch.tv/oauth2/token
client_id=The Client ID
&client_secret=The Client secret
&code=The code I got from the first url
&grant_type=authorization_code
&redirect_uri=https://localhost

and getting 404 page not found

20

Sounds like you did a HTTP GET isntead of a HTTP POST