Getting authorization_code via https://api.twitch.tv/api/oauth2/token? stopped working without making any code changes

Hi

I really hope someone can assists. I have read so many articles and nothing speak to what we are experiencing, We created a web site call streamersguild.net, in December we update some of the look and flow of the site. We published and all was working fine, tested logon in both our UAT and Prod environments no problem.

As of the beginning of this year (not sure of an exact date) we started getting reports that there is a problem after singing in with your twitch account,

I have been troubleshooting and found that for some reason, (no change made to code) the API call is no longer returning a user ID which result in our cookie being empty then causing all sorts of havoc.

On button click we use the following code:

Response.Redirect(@"https://api.twitch.tv/kraken/oauth2/authorize?client_id=pv5c21ug6u8neqo2u3rqiyo8uqh838&redirect_uri=http://localhost:58323/loading/twicth/callback&response_type=code&scope=user_read", false);
Context.ApplicationInstance.CompleteRequest();

The above is taken from our UAT environment, this successfully takes you to the twitch login and once you enter the correct credentials it successfully redirect with the code in the URL. We then extract and post the following:

var httpClient = new HttpClient
{
BaseAddress = new Uri(@"https://api.twitch.tv/api/oauth2/token?client_id=pv5c21ug6u8neqo2u3rqiyo8uqh838&client_secret=REMOVED&code=" + CODEGOESHERE + "&grant_type=authorization_code&redirect_uri=http://localhost:58323/loading/twicth/callback")
};
HttpResponseMessage responseMessage = httpClient.PostAsync(httpClient.BaseAddress, null).Result;
responseMessage.EnsureSuccessStatusCode();

The above use to work no issue, but now we are getting:
{"Response status code does not indicate success: 404 (Not Found)."}

{StatusCode: 404, ReasonPhrase: 'Not Found', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Access-Control-Allow-Origin: *
  Pragma: no-cache
  Twitch-Trace-Id: 2e4fb416d6f88f3179452b68078acc99
  X-Ctxlog-Logid: 1-5c3c9e6e-7b19ac7900ccd2e14c933810
  Timing-Allow-Origin: https://www.twitch.tv
  Connection: close
  Cache-Control: no-store, must-revalidate, no-cache, private
  Date: Mon, 14 Jan 2019 14:36:30 GMT
  Server: nginx
  Content-Length: 67
  Content-Type: application/json; charset=utf-8
  Expires: 0
}}

I cannot find any reason for the change in behavior as we have not made any changes to the twitch app config or the code, it was working and now it is not working. Unfortunately I can only confirm that it was defiantly working in December.

Please help…

The URL for exchanging a token should be https://id.twitch.tv/oauth2/token as mentioned in the docs https://dev.twitch.tv/docs/authentication/ The authorization URL where you initially redirect the user to is out of date too, so I suggest you update that.

The URL was changed many months ago and deprecated the old URL, so perhaps the issue is that they’ve simply disabled the old URL that has been out of date for many months.

Also, you’ve just disclosed your client secret so you should revoke that secret immediately.

Edited and removed

TLDR: you should migrate off the old oAuth end points to id.twitch

Yup i am aware, test environment, did change it, thanks.

Okay thank you very much, appreciate the quick response. We weren’t expecting anything to change, so are the links we are using from version 3?

Technically no, the oAuth routes are not versioned, they just added new ones on id.twitch instead of api.twitch and advised people to move

Okay great that does clear up the confusion, as we used Kraken in the initial URL we believed it was part of version 5, thanks for the feedback.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.